issue-list
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes
gh issue list --state {STATE}, where{STATE}is populated from user-provided arguments. Without explicit validation or sanitization within the script, this represents a potential command injection surface if the executing environment does not enforce strict argument handling. - [PROMPT_INJECTION]: The skill processes data from GitHub issues (titles and statuses), which is an external and untrusted source. This presents a risk of indirect prompt injection if the retrieved content contains malicious instructions intended to influence the agent.
- Ingestion points: External data enters through the
gh issue listcommand output in SKILL.md. - Boundary markers: No delimiters or safety warnings are used to isolate the fetched issue data from the agent's instructions.
- Capability inventory: The skill's capabilities are limited to executing the
ghcommand; it does not have file-writing or broad network permissions. - Sanitization: There is no evidence of filtering or escaping the data retrieved from GitHub before it is displayed.
Audit Metadata