agent-github-issues
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the 'Bash' tool to execute 'gh' (GitHub CLI) commands for creating, editing, and querying issues. This is the primary and legitimate purpose of the skill.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it reads untrusted data from an external source (GitHub issues).
- Ingestion points: External data enters the agent context via 'gh issue view' and 'gh issue list' commands which retrieve content (titles, bodies, comments) from GitHub.
- Boundary markers: Absent. There are no explicit instructions or delimiters defined to prevent the agent from following instructions potentially embedded within issue descriptions.
- Capability inventory: The skill has access to the 'Bash' tool, which allows it to execute CLI commands and interact with the filesystem/GitHub.
- Sanitization: Absent. There is no evidence of content filtering or validation for the data retrieved from GitHub before it is processed by the agent.
Audit Metadata