github-triage

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection. It ingests untrusted content, such as titles and bodies, from GitHub issues and pull requests and interpolates this data directly into the prompts of background subagents.
      • Ingestion points: Untrusted data enters the context through Phase 1 fetching in SKILL.md and the scripts/gh_fetch.py utility.
      • Boundary markers: Absent. The skill lacks explicit delimiters or instructions to ignore embedded commands within the {body} and {title} variables.
      • Capability inventory: Subagents are granted read-only access to the codebase via tools like Grep, Read, Glob, and git, and have the ability to write analysis reports to the /tmp/ directory.
      • Sanitization: No sanitization, escaping, or validation is performed on the content retrieved from GitHub before it is passed to the LLM.
  • [COMMAND_EXECUTION]: The skill uses subprocess execution to interact with the system and version control tools.
      • Evidence: The scripts/gh_fetch.py script utilizes asyncio.create_subprocess_exec to run the GitHub CLI (gh). SKILL.md includes multiple bash execution blocks for environment setup, data pagination with jq, and git history retrieval.
  • [EXTERNAL_DOWNLOADS]: The skill performs network operations to fetch data from an external source.
      • Evidence: It retrieves issue and pull request metadata from GitHub's official API using the gh CLI. This is a standard operation for the skill's intended purpose.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 20, 2026, 09:18 AM