Skills
skills/blogic-cz/blogic-marketplace/github-triage/Gen Agent Trust Hub

github-triage

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It interpolates untrusted data from GitHub (issue titles, bodies, comments) directly into subagent prompt templates.
  • Ingestion points: Untrusted data enters via {body}, {title}, {author}, and {comments} placeholders in the subagent templates defined in SKILL.md.
  • Boundary markers: No delimiters or safety instructions are used to isolate untrusted content from the subagent's system instructions.
  • Capability inventory: The subagents are granted capabilities to execute gh-tool, git, and interact with infrastructure like Kubernetes and Sentry via tools listed in allowed-tools or subagent skill assignments.
  • Sanitization: No sanitization, escaping, or validation of the fetched GitHub content is performed before interpolation.
  • [COMMAND_EXECUTION]: The skill uses gh-tool for GitHub interactions and git for repository management. While these are appropriate for the skill's purpose, they are executed based on plans derived from untrusted input.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 7, 2026, 09:23 AM