issue-triage

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the GitHub CLI (gh) to fetch repository data and perform issue management actions like commenting and closing. It also utilizes system clipboard tools (pbcopy, xclip, wl-copy, clip.exe) to export audit results.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from GitHub issues to drive analysis and recommended actions.
  • Ingestion points: Reads issue titles, bodies, and comments in Phase 1 and Phase 2 (SKILL.md).
  • Boundary markers: Issue content is interpolated into analysis prompts without structured delimiters or instructions to ignore embedded commands.
  • Capability inventory: Executes issue comments, labeling, and closures via the gh CLI (SKILL.md).
  • Sanitization: No filtering or sanitization of the fetched issue content is performed.
  • Mitigation: All drafted actions require explicit human validation via a multi-select menu before execution in Phase 3.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 03:17 AM
Security Audit — agent-trust-hub — issue-triage