fetching-github-issue
Warn
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The file
references/external-sources.mdidentifieshttps://skills.sh/flpbalada/my-opencode-config/progressive-disclosureas a source to be fetched to guide retrieval decisions. This URL is from an unverified third-party domain and user (flpbalada) not associated with the skill author or well-known organizations, posing a risk of loading untrusted instructions at runtime. - [PROMPT_INJECTION]: The skill ingests untrusted data from GitHub issues and processes it, creating a surface for indirect prompt injection.
- Ingestion points: The
subagents/issue-retriever.mdretrieves issue titles, bodies, and comments from external GitHub repositories. - Boundary markers: The skill attempts to implement boundary protection in
references/retrieval-playbook.mdby instructing the agent to rewrite Markdown headings in the ingested content to prevent collision with the snapshot's structure. - Capability inventory: The skill possesses file-write capabilities (writing to
docs/insubagents/issue-retriever.md) and network read capabilities via theghCLI. - Sanitization: While heading rewriting is used to preserve document structure, there is no evidence of comprehensive escaping or sanitization of the untrusted Markdown body content to prevent downstream injection attacks.
- [COMMAND_EXECUTION]: The skill relies on the
gh(GitHub) CLI tool to perform its primary function. Thereferences/retrieval-playbook.mdprovides specific instructions for executinggh issue viewandgh apicommands to fetch remote data.
Audit Metadata