milestone-management
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill possesses an attack surface where untrusted data from GitHub milestone titles or descriptions could influence agent behavior.
  - Ingestion points: Data is fetched from the GitHub API via `gh api repos/$GITHUB_OWNER/$GITHUB_REPO/milestones` and stored in variables like `TITLE` and `MILESTONE_DATA`.
  - Boundary markers: Absent. There are no instructions or delimiters informing the agent to ignore potentially malicious instructions embedded within the milestone content.
  - Capability inventory: The skill can perform write operations (`gh api -X POST/PATCH`), edit issues (`gh issue edit`), and modify the agent's long-term memory (`mcp__memory__create_entities`).
  - Sanitization: Absent. The script uses `jq -r` to extract strings but does not validate or sanitize the content for instructional injection patterns.
- Command Execution (SAFE): The skill makes extensive use of the `gh` CLI and shell loops to automate GitHub management tasks.
  - Context: These operations are central to the skill's primary purpose of milestone management.
  - Risk: While powerful, the commands are constructed using standard variables and placeholders intended for repository administration.