gh-enhance-issue

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands using the GitHub CLI (gh).
  • It fetches issue data using gh issue view and updates issue content using gh issue edit.
  • The commands are scoped to the elastic/kibana repository, which aligns with the skill author's identity ('elastic').
  • The skill uses a shell heredoc (EOF) in Step 6 to safely pass the new issue body to the CLI, which is a best practice to prevent command injection from the generated content.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from GitHub issues.
  • Ingestion points: External data enters the agent context via the gh issue view command in SKILL.md (Step 1), which retrieves the title and body of a specified issue.
  • Boundary markers: The instructions do not define clear boundary markers or provide 'ignore embedded instructions' warnings when the agent reformats the issue content in Step 3.
  • Capability inventory: The agent possesses write capabilities via the gh issue edit command in SKILL.md (Step 6), allowing it to modify the repository's content.
  • Sanitization: There is no explicit sanitization or filtering of the fetched issue content before it is used to generate the new body. However, the skill mandates a human review and confirmation step (Step 5) before any write operation is executed, which serves as a significant manual mitigation.
Audit Metadata
Risk Level: SAFE
Analyzed: May 11, 2026, 02:18 PM