issue-triage
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the GitHub CLI (
gh) to retrieve issue data and post comments. These commands are executed as part of the intended workflow and are restricted to standard issue management tasks. - [PROMPT_INJECTION]: The skill handles untrusted data from GitHub issues, which presents a surface for indirect prompt injection. * Ingestion points: Issue descriptions and user comments are fetched in Step 1 via
gh issue viewor WebFetch. * Boundary markers: There are no specific delimiters or instructions to ignore instructions embedded within the issue body. * Capability inventory: The agent is capable of runningghcommands to read/write data and is directed to trace logic through the codebase. * Sanitization: No automated sanitization is specified; however, the risk is mitigated by mandatory human-in-the-loop (HITL) confirmation at Steps 1, 3, 4, and 5 before any actions or classifications are finalized.
Audit Metadata