fix-issue
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE [PROMPT_INJECTION] [COMMAND_EXECUTION]
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted text from GitHub issue descriptions and comments, which are subsequently used to formulate prompts and tasks for analysis subagents.
  - Ingestion points: Phase 1 (Understand Issue) uses the 'gh issue view' command to pull the body and comments of a GitHub issue into the agent's context.
  - Boundary markers: The skill does not implement specific delimiters or 'ignore embedded instructions' warnings when passing issue content to subagents in Phase 4.
  - Capability inventory: The agent has high-privilege capabilities including the 'Bash' tool for command execution, as well as file modification and 'git' tools for committing changes.
  - Sanitization: There is no evidence of sanitization or filtering of the external issue content before it is interpolated into agent prompts.
- [COMMAND_EXECUTION]: The skill makes extensive use of the 'Bash' tool to run local test suites (e.g., 'pytest', 'npm test') and auxiliary shell scripts ('similar-issue-finder.sh'). While necessary for the skill's primary function, these tools represent an execution surface for logic derived from the analysis of potentially malicious external issue data.