github-issue-rca
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
Categories: PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted content from GitHub issues, creating a surface for indirect prompt injection.
  - Ingestion points: External data enters the agent context through the github_get_issue tool, which reads issue titles, descriptions, and comments.
  - Boundary markers: The workflow lacks instructions to wrap issue content in delimiters or to explicitly ignore embedded instructions during the analysis process.
  - Capability inventory: The agent has the ability to read and write local files, perform repository searches with grep, and use various GitHub API tools.
  - Sanitization: No sanitization, validation, or filtering of the external issue content is specified before the analysis phase.
- [DATA_EXFILTRATION]: The skill performs search operations and gathers references from GitHub and established documentation platforms. These network activities are essential for the skill's operation and target well-known, trusted services.
- [COMMAND_EXECUTION]: The skill and its reference documentation recommend using local shell-based tools like grep and git log to perform static and historical analysis of the codebase, which is a routine and safe part of software troubleshooting.
Audit Metadata