fix-github-issue
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (
gh issue view) and is instructed to "run tests" to verify fixes, which involves executing arbitrary shell commands or scripts within the local repository environment. - [PROMPT_INJECTION]: The skill uses the
$ARGUMENTSvariable directly in its instructions, creating a surface for direct prompt injection where a user could provide input designed to override the agent's intended logic. - [INDIRECT_PROMPT_INJECTION]:
- Ingestion points: Untrusted data enters the agent context via the
gh issue viewcommand, which fetches descriptions and comments from external GitHub issues (SKILL.md). - Boundary markers: Absent. There are no delimiters or instructions to treat the issue content as data rather than instructions, increasing the risk of the agent obeying malicious commands embedded in an issue.
- Capability inventory: The skill possesses powerful capabilities including codebase searching, file system modification ("implement the necessary changes"), and shell command execution ("run tests").
- Sanitization: Absent. There is no evidence of filtering, validation, or escaping of the content retrieved from GitHub before it influences the agent's code generation and execution phases.
Audit Metadata