github-issue-tracker
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is susceptible to indirect prompt injection because it processes data from external sources (GitHub issues) that could contain malicious instructions.
  - Ingestion points: Data enters the agent context through 'gh issue view' and 'gh issue list' commands in the 'github-issue-tracker' skill.
  - Boundary markers: No delimiters or protective instructions are used to distinguish issue content from agent instructions.
  - Capability inventory: The skill can execute shell commands via the 'Bash' tool and write tasks via 'TodoWrite'.
  - Sanitization: There is no evidence of content sanitization or validation for issue bodies or titles.
- Command Execution (SAFE): The skill employs the 'Bash' tool to execute standard GitHub CLI ('gh') commands. This activity is restricted to the intended functionality of managing repository issues and does not exhibit signs of privilege escalation or malicious intent.
Audit Metadata