issue-triage
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the GitHub CLI (gh) to fetch repository data and perform issue management actions like commenting and closing. It also utilizes system clipboard tools (pbcopy, xclip, wl-copy, clip.exe) to export audit results.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from GitHub issues to drive analysis and recommended actions.
- Ingestion points: Reads issue titles, bodies, and comments in Phase 1 and Phase 2 (SKILL.md).
- Boundary markers: Issue content is interpolated into analysis prompts without structured delimiters or instructions to ignore embedded commands.
- Capability inventory: Executes issue comments, labeling, and closures via the
ghCLI (SKILL.md). - Sanitization: No filtering or sanitization of the fetched issue content is performed.
- Mitigation: All drafted actions require explicit human validation via a multi-select menu before execution in Phase 3.
Audit Metadata