implement-issue
Warn
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions recommend using
GIT_SSL_NO_VERIFY=1for network operations within sandbox environments. Disabling SSL/TLS verification removes protection against Man-in-the-Middle (MitM) attacks, which could allow an attacker to intercept or modify data transmitted between the agent and GitHub. - [PROMPT_INJECTION]: The skill ingests untrusted data from external GitHub issues that can contain malicious instructions intended to hijack the agent's logic during the planning or implementation phases.
- Ingestion points: External data is ingested via the
gh issue view <url-or-number>command in SKILL.md. - Boundary markers: Absent. The skill does not define delimiters or provide instructions to ignore potential commands embedded within the issue text.
- Capability inventory: The skill possesses significant capabilities, including local file writes (
_/local-plans/), modification of source code, execution of project-specific test commands, and the ability to create commits. - Sanitization: There is no evidence of sanitization or structural validation performed on the issue content before it is processed by the model to generate code changes.
Audit Metadata