implement-issue
Pass
Audited by Gen Agent Trust Hub on Jul 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes GitHub (
gh) and GitLab (glab) CLI tools to interact with issue trackers and repositories. - Mitigates risks by requiring pre-authenticated CLI sessions and explicitly forbidding automatic tool installation or authentication.
- Implements strict input validation, including the rejection of control characters and malformed URLs, and requires argv-safe argument handling.
- [DATA_EXFILTRATION]: Manages the retrieval of issue data from external hosts.
- Explicitly identifies and redacts HTTP(S) userinfo/credentials from URLs before any processing or reporting occurs.
- Prohibits the use of checkout-derived placeholders in API requests to ensure strict project binding and prevent unauthorized data access.
- [PROMPT_INJECTION]: Proactively manages the risk of indirect prompt injection from untrusted external data sources (GitHub/GitLab issues).
- Formally defines issue bodies, comments, and linked pages as "untrusted evidence" rather than authoritative instructions.
- Commands the agent to ignore any embedded workflow instructions or shell commands found within the processed issue data.
Audit Metadata