skills/beeman/skills/gh-issue-kickoff/Gen Agent Trust Hub

gh-issue-kickoff

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: SKILL.md uses the official GitHub CLI (gh) to perform issue management tasks such as viewing, editing, and commenting on issues. This is a legitimate use of a well-known service tool consistent with the skill's primary purpose.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from GitHub issue titles, bodies, and comments.
      • Ingestion points: The gh issue view command in SKILL.md fetches external data from issue bodies and comments, which the agent then processes.
      • Boundary markers: No explicit delimiters or boundary markers (e.g., XML tags or special tokens) are used to isolate the fetched issue content from the system instructions.
      • Capability inventory: The skill can write back to GitHub (gh issue edit, gh issue comment) and read the local codebase.
      • Sanitization: The instructions specify no sanitization or escaping of the ingested issue data and rely instead on high-level rules for behavior.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 17, 2026, 10:51 AM