github-issue-dedupe

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The README.md instructs users to use warpdotdev/warp-agent-action@v1. This organization is not on the provided list of trusted GitHub organizations or repositories.
  • PROMPT_INJECTION (LOW): The skill is highly susceptible to indirect prompt injection (Category 8) due to the way it handles issue content.
      • Ingestion points: The workflow in README.md interpolates ${{ github.event.issue.body }} directly into the agent's prompt.
      • Boundary markers: None are present. The issue body is appended to the prompt without delimiters or instructions to ignore embedded commands.
      • Capability inventory: The SKILL.md file defines capabilities for executing shell commands including gh issue list, gh issue view, and gh issue comment.
      • Sanitization: There is no evidence of sanitization or escaping of the ${{ github.event.issue.body }} variable before it enters the prompt context.
  • COMMAND_EXECUTION (SAFE): While the skill executes gh CLI commands, this behavior is central to its primary purpose of managing GitHub issues.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: Feb 17, 2026, 06:16 PM