github-triage
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external sources.
  - Ingestion points: The triage workflow in SKILL.md requires the agent to read the full body and all comments of GitHub issues to gather context.
  - Boundary markers: The instructions do not define input delimiters or provide specific warnings for the agent to ignore potentially malicious instructions embedded within issue content.
  - Capability inventory: The skill allows the agent to modify repository state using the gh CLI (applying labels, posting comments, and closing issues) and to write to the local file system in the .out-of-scope/ directory.
  - Sanitization: No sanitization, escaping, or structured validation is applied to the untrusted issue content before it is processed by the agent.
Audit Metadata