goodissues

Fail

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: HIGH | EXTERNAL_DOWNLOADS | REMOTE_CODE_EXECUTION | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs the agent to download and execute scripts directly from a remote source using high-risk patterns like piped shell execution.
      • Evidence: curl -fsSL https://raw.githubusercontent.com/agoodway/goodissues_cli/main/install.sh | sh in SKILL.md.
      • Evidence: irm https://raw.githubusercontent.com/agoodway/goodissues_cli/main/install.ps1 | iex in SKILL.md.
  • [EXTERNAL_DOWNLOADS]: The skill downloads binaries and installation scripts from a GitHub repository associated with the author ('agoodway').
  • [COMMAND_EXECUTION]: The skill relies on shell command execution for its core functionality, including installation, configuration, and managing issue data.
  • [PROMPT_INJECTION]: The skill possesses a significant attack surface for indirect prompt injection and command injection due to unsafe interpolation of user data.
      • Ingestion points: Untrusted user data (project names, issue titles, descriptions) enters the system via natural language instructions in SKILL.md.
      • Boundary markers: Absent. No delimiters or instructions are used to separate user data from command parameters.
      • Capability inventory: The skill makes extensive use of shell subprocesses (sh, powershell, binary execution) to perform its tasks in SKILL.md.
      • Sanitization: Absent. There are no steps to escape or validate user-provided strings before they are inserted into shell commands.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/agoodway/goodissues_cli/main/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 10, 2026, 08:32 AM