github-review-issue

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the GitHub CLI (gh) to retrieve issue metadata, descriptions, and comments. This is a legitimate use of the tool for the skill's stated productivity purpose.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it incorporates untrusted data from GitHub issues into the agent's context for analysis.
    • Ingestion points: External data is retrieved via the gh issue view command in SKILL.md (Step 2).
    • Boundary markers: There are no explicit delimiters (e.g., XML tags or Markdown blocks) or specific instructions to the agent to disregard any commands found within the fetched issue content.
    • Capability inventory: The skill's primary capability is executing the gh tool to view repository information.
    • Sanitization: The skill does not perform any validation or sanitization of the issue body or comments before passing them to the agent for summarization.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 7, 2026, 10:45 AM
Security Audit — agent-trust-hub — github-review-issue