skills/dicklesworthstone/misc_coding_agent_tips_and_scripts/reporting-sensitive-encrypted-gh-issues/Gen Agent Trust Hub
reporting-sensitive-encrypted-gh-issues
Fail
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides instructions to download and execute a shell script directly from a GitHub repository using a 'curl | bash' pattern. This allows for arbitrary code execution from a remote source during the installation process.
- Evidence:
curl -fsSL "https://raw.githubusercontent.com/Dicklesworthstone/misc_coding_agent_tips_and_scripts/main/gh-issue-decrypt?$(date +%s)" | bash -s -- --installinSKILL.md. - [EXTERNAL_DOWNLOADS]: The skill downloads an external script from a third-party GitHub repository to perform its core functions.
- Evidence: The installation command fetches code from
https://raw.githubusercontent.com/Dicklesworthstone/misc_coding_agent_tips_and_scripts/main/gh-issue-decrypt. - [COMMAND_EXECUTION]: The primary functionality of the skill is built around executing shell commands and using the GitHub CLI (
gh) for repository interactions and cryptographic operations. - Evidence: Commands such as
gh-issue-decrypt --encrypt,gh auth login, and repository scanning functions. - [PROMPT_INJECTION]: The skill scans and decrypts content from GitHub issues, which are created by third parties and reside in external environments. This creates an indirect prompt injection surface where malicious instructions could be parsed by the agent.
- Ingestion points: Reads bodies and comments of GitHub issues using
gh-issue-decrypt. - Boundary markers: Uses specific tags like
[enc:age]and headers to isolate encrypted content, though these do not protect against instructions in the surrounding plaintext. - Capability inventory: Subprocess execution for encryption/decryption and GitHub CLI commands.
- Sanitization: There is no evidence of sanitization or validation of the content retrieved from GitHub issues before it is handled by the agent.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/Dicklesworthstone/misc_coding_agent_tips_and_scripts/main/gh-issue-decrypt?$(date - DO NOT USE without thorough review
Audit Metadata