github-operations
Warn
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing a third-party GitHub CLI extension from an unverified source (yahsan2/gh-sub-issue) in the file 'references/issue-management.md'. This involves downloading and potentially executing code from an unverified personal repository.\n- [COMMAND_EXECUTION]: The skill makes extensive use of the Bash tool to execute GitHub CLI commands across almost all files. This includes scripts in 'examples/automation-scripts.md' and instructions in 'references/milestone-api.md' to modify the GitHub CLI configuration file (~/.config/gh/config.yml) by adding custom aliases.\n- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting data from GitHub repositories (such as issue titles and PR descriptions) and processing it via shell scripts.\n
- Ingestion points: Issue and Pull Request metadata fetched via 'gh issue list' and 'gh pr list' in 'examples/automation-scripts.md' and 'references/issue-management.md'.\n
- Boundary markers: Absent; there are no specific markers to distinguish instructions from user-controlled data within the GitHub resource bodies.\n
- Capability inventory: Extensive capability to execute shell commands via the Bash tool throughout all provided scripts.\n
- Sanitization: The skill employs JQ for parsing JSON output and uses standard shell quoting for variables, which provides basic protection against simple injection attempts.
Audit Metadata