analyse-issue
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill fetches and processes untrusted data from GitHub issue titles, descriptions, and comments. This content is used to guide the agent's analysis of the local codebase and may influence the execution of 'focused tests'. A malicious actor could craft a GitHub issue containing instructions to manipulate the agent's behavior.
  - Ingestion points: GitHub issue content retrieved via 'gh' or 'curl' (Step 3).
  - Boundary markers: Absent. The workflow does not specify delimiters or instructions to ignore embedded commands within the issue text.
  - Capability inventory: File system inspection ('rg'), repository metadata access ('git'), and arbitrary command execution ('run focused tests').
  - Sanitization: Absent. The issue content is parsed and used directly to extract signals for analysis.