plan
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the GitHub CLI tool with user-provided input (
gh issue view $ARGUMENTS). If the agent implementation does not properly sanitize these arguments, it could lead to command injection in environments where the agent has shell access. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests and processes untrusted data from external sources to guide its decision-making and planning logic.
- Ingestion points: Untrusted content is ingested from GitHub issues (via
gh issue view) and from the project's source code files (viaread the relevant code). - Boundary markers: Absent. The instructions provide no clear delimiters or guidance to the agent to treat fetched data as data rather than instructions.
- Capability inventory: The skill allows the agent to read repository files and interact with the GitHub CLI tool.
- Sanitization: Absent. There is no evidence of content validation or escaping before the external data is incorporated into the design dialogue.
Audit Metadata