gh-issue-view

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the official gh (GitHub CLI) utility to fetch issue details and comments. The commands provided are standard for the tool's intended use and do not involve suspicious parameters.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it retrieves data (issue titles, bodies, and comments) from GitHub that may be authored by untrusted third parties. 1. Ingestion points: The workflows in SKILL.md fetch issue descriptions and comments via gh issue view. 2. Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore potentially malicious content within the fetched data. 3. Capability inventory: The skill is restricted to Bash, Read, and Grep tools as per the frontmatter. 4. Sanitization: There is no evidence of sanitization or validation of the fetched issue content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 11:35 PM
Security Audit — agent-trust-hub — gh-issue-view