do-issue
Warn
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [DATA_EXFILTRATION]: The 'Tooling Reflection' mechanism in `modules/completion.md` instructs the agent to post learnings about its own operations and context to a public forum (https://github.com/athola/claude-night-market/discussions). This could result in the unintended disclosure of internal project details, environment metadata, or proprietary workflow information.
- [PROMPT_INJECTION]: The skill retrieves and processes untrusted content from issue trackers (`modules/issue-discovery.md`) to define subagent tasks, creating an indirect prompt injection surface.
  - Ingestion points: External data enters through issue bodies and comments via `gh issue view` or `glab issue view`.
  - Boundary markers: There are no instructions to use delimiters or ignore instructions within the fetched issue text.
  - Capability inventory: The skill dispatches autonomous subagents with permissions to modify files, run tests, and commit code (`modules/parallel-execution.md`).
  - Sanitization: No validation is performed on issue content before it is converted into executable task plans.
- [COMMAND_EXECUTION]: The workflow relies on significant system-level capabilities, including shell command execution (`gh`, `glab`, `git`) and the creation of background agent teams, which could be misused if the agent's instructions are hijacked.
Audit Metadata