implement-issue
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted data from external sources (GitHub issue titles, bodies, and comments) using
gh issue view. An attacker could embed malicious instructions in an issue that might trick the agent into performing unauthorized actions during the implementation or testing phases. - Ingestion points:
gh issue viewoutput (metadata, body, comments) in Step 1. - Boundary markers: Absent. The instructions do not use delimiters or explicit warnings to the agent to treat issue content as data rather than instructions.
- Capability inventory: Extensive local capabilities including file system modification, shell execution (
git,gh, test/build runners), and background agent spawning (exploreagents). - Sanitization: Absent. The skill treats the issue body as a set of requirements to be implemented without filtering.
- [Command Execution] (LOW): The skill dynamically detects and executes test and build commands (e.g.,
npm test,go test,make test) based on the repository's configuration files. This is expected behavior for a developer tool but poses a risk if the repository contains malicious build scripts or configuration.
Audit Metadata