issue-lifecycle
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [Command Execution] (SAFE): The skill executes standard commands using `gh`, `jq`, `sed`, and `date`. These operations are well-scoped to the stated purpose of updating issue statuses, comments, and bodies. All commands use typical patterns for GitHub API interaction via the CLI.
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted data by reading GitHub issue bodies and comments (`gh issue view`). This presents a theoretical surface for indirect prompt injection if an attacker-controlled issue contains malicious instructions.
  - Ingestion points: `SKILL.md` (lines 53, 155) reads issue bodies and comments.
  - Boundary markers: Absent. The skill does not explicitly instruct the agent to ignore instructions found within the fetched data.
  - Capability inventory: The skill possesses the ability to edit issues and comments, providing a mechanism for an agent to propagate injected instructions or perform unintended writes if successfully influenced.
  - Sanitization: Absent. Data is processed as raw strings for replacement operations.
Audit Metadata