github-triage

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on the gh (GitHub CLI) and git tools to perform operations such as identifying the current repository, listing open issues and pull requests, and inspecting the local codebase and commit history.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external GitHub items.
    • Ingestion points: Untrusted data, including titles, bodies, and comments from issues and pull requests, is fetched in SKILL.md (Phase 1) and scripts/gh_fetch.py and subsequently passed into subagent prompts in Phase 3.2.
    • Boundary markers: The subagent prompts use simple text labels (e.g., Body: {body}), which do not provide robust isolation between instructions and untrusted data.
    • Capability inventory: Subagents are equipped with capabilities to use gh, git, Grep, Read, and Write tools, which could be misused if a subagent is successfully compromised via injection.
    • Sanitization: The skill does not implement any sanitization or filtering logic to neutralize potential malicious instructions embedded within the fetched GitHub content.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 21, 2026, 06:06 AM