fetching-github-issue

Warn

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The file references/external-sources.md identifies https://skills.sh/flpbalada/my-opencode-config/progressive-disclosure as a source to be fetched to guide retrieval decisions. This URL is from an unverified third-party domain and user (flpbalada) not associated with the skill author or well-known organizations, posing a risk of loading untrusted instructions at runtime.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from GitHub issues and processes it, creating a surface for indirect prompt injection.
  • Ingestion points: The subagents/issue-retriever.md retrieves issue titles, bodies, and comments from external GitHub repositories.
  • Boundary markers: The skill attempts to implement boundary protection in references/retrieval-playbook.md by instructing the agent to rewrite Markdown headings in the ingested content to prevent collision with the snapshot's structure.
  • Capability inventory: The skill possesses file-write capabilities (writing to docs/ in subagents/issue-retriever.md) and network read capabilities via the gh CLI.
  • Sanitization: While heading rewriting is used to preserve document structure, there is no evidence of comprehensive escaping or sanitization of the untrusted Markdown body content to prevent downstream injection attacks.
  • [COMMAND_EXECUTION]: The skill relies on the gh (GitHub) CLI tool to perform its primary function. The references/retrieval-playbook.md provides specific instructions for executing gh issue view and gh api commands to fetch remote data.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 16, 2026, 01:29 AM
Security Audit — agent-trust-hub — fetching-github-issue