Skills
skills/toss/es-toolkit/issue-review/Gen Agent Trust Hub

issue-review

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes bash commands using the GitHub CLI (gh) that interpolate variables such as {count}, {number}, and {function name}. These variables are derived from user input or external GitHub issue content (titles and bodies). This creates a surface for command injection if the agent does not adequately sanitize or escape the content before executing the shell command.
  • [DATA_EXFILTRATION]: The skill performs network operations via the gh tool to interact with the toss/es-toolkit repository. While these operations are directed at the vendor's own infrastructure, they represent external data movement.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it reads and processes untrusted content from GitHub issues (titles, bodies, and comments). An attacker could craft an issue containing instructions designed to override the agent's logic or influence its summary/labeling decisions.
  • Ingestion points: Untrusted data enters the agent context via the output of gh issue list and gh issue view (SKILL.md, Workflow steps 1 and 2a).
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when processing issue content.
  • Capability inventory: The skill has access to the Bash tool for shell execution and the Skill tool for invoking other functionalities.
  • Sanitization: No evidence of input validation or content escaping was found in the provided workflow.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 7, 2026, 06:19 AM