github-issues
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is instructed to read and adapt to existing repository content, which could contain malicious instructions.
- Ingestion points: The agent reads existing issues, documentation, code, and templates from the repository as specified in SKILL.md (Workflow steps 1, 3, and 5).
- Boundary markers: There are no boundary markers or instructions to ignore embedded commands within the fetched issue data or templates.
- Capability inventory: The skill has the capability to create, update, and comment on GitHub issues, as well as manage sub-issue hierarchies.
- Sanitization: There is no mention of sanitizing or validating external input before it is interpolated into new issue bodies or titles.