update-issue
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection risk through the ingestion of external GitHub issue content and templates.
- Ingestion points: The skill reads untrusted data via
gh issue view <number>and files in.github/ISSUE_TEMPLATE/. - Boundary markers: Absent. The workflow does not include instructions to the agent to ignore or delimit potentially malicious instructions embedded within the issue body or template fields.
- Capability inventory: The skill uses
gh issue edit, allowing the agent to modify repository content. A successful indirect injection could cause the agent to perform unauthorized edits, such as changing labels, assignees, or closing issues. - Sanitization: Absent. There is no evidence of input validation or instruction filtering for the content retrieved from the GitHub API.
Audit Metadata