pick-next-issue

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the gh CLI tool to list and view GitHub issues. These commands are used to fetch public or repository-specific metadata and descriptions.
  • [SAFE]: No malicious behaviors such as data exfiltration, credential harvesting, or unauthorized persistence were identified. The tool's operations are confined to read-only interactions with GitHub issues.
  • [SAFE]: Indirect Prompt Injection Surface:
      • Ingestion points: External content enters the agent's context through gh issue list (Step 1) and gh issue view (Step 4).
      • Boundary markers: None identified; fetched content is passed directly to the planning step.
      • Capability inventory: The skill executes shell commands (gh) and invokes another skill (/turboplan).
      • Sanitization: None mentioned for the issue content being processed.
    While this presents a surface for indirect prompt injection, it is standard for tools interacting with issue trackers and does not elevate the risk level for this specific implementation.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Apr 18, 2026, 11:00 PM