fetching-github-issue

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the GitHub CLI (gh) to run commands such as gh issue view and gh api. These commands are essential for its operation and are executed locally to retrieve data.
  • [EXTERNAL_DOWNLOADS]: The skill retrieves issue data, comments, and metadata from GitHub's official APIs. This is a primary function and targets a well-known service (GitHub).
  • [PROMPT_INJECTION]: The skill processes untrusted content from GitHub issue descriptions and comments (ingestion points in subagents/issue-retriever.md). As a mitigation, it sanitizes the external content by rewriting Markdown headings (e.g., changing ## to **) so that they cannot collide with the snapshot's structural headings (boundary markers in subagents/issue-retriever-template.md). However, because the agent can write files and execute subsequent commands based on this data, the ingested content could still contain instructions intended to influence the agent's behavior in later workflow stages.
Audit Metadata
Risk Level: SAFE
Analyzed: May 8, 2026, 07:41 AM