
issue-label

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from GitHub issues.
    • Ingestion points: The skill fetches the title and body of a GitHub issue via the gh issue view command in SKILL.md.
    • Boundary markers: The skill lacks delimiters or instructions to ignore potential commands embedded in the issue content.
    • Capability inventory: The skill uses the Bash tool and can modify repository state via gh issue edit.
    • Sanitization: No sanitization is performed on fetched content before analysis.
  • [COMMAND_EXECUTION]: The skill dynamically constructs shell commands using variables like {label} that are derived from untrusted issue content. If the agent is manipulated into selecting a label containing shell metacharacters, this could lead to arbitrary command execution on the user's system.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 06:20 AM