implement-issue
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface through the ingestion of external GitHub issue data.
- Ingestion points: Untrusted data is retrieved from external GitHub issues using the
gh issue viewcommand in Step 1. - Boundary markers: There are no explicit instructions to use delimiters or ignore embedded instructions within the fetched issue content when generating plans or code.
- Capability inventory: The skill can perform file system writes (Steps 2 and 4) and execute shell commands (Step 6), which could be manipulated by malicious instructions in an issue.
- Sanitization: Although Step 5 mandates a security review of the output code (OWASP check, secret detection), it does not sanitize the input issue text to prevent the LLM from following unauthorized instructions contained within the issue.
- [COMMAND_EXECUTION]: The skill executes shell commands to interact with the environment and external services.
- Evidence: Step 1 executes the
gh(GitHub CLI) tool to fetch issue data. - Evidence: Step 6 executes arbitrary project-specific test commands which are determined at runtime by the project configuration.
Audit Metadata