shipped-issues
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes standard development tools (`git`, `gh`, `sf`) to perform its maintenance tasks. Commands are structured to retrieve data from the repository and internal systems without exposing the environment to arbitrary execution.
- [DATA_EXPOSURE]: It retrieves GitHub issue bodies and changelog content to identify candidates for closing. This data is handled locally within temporary files (`/tmp`) and is necessary for the skill's primary function.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted content from GitHub issue bodies using a regex pattern (`W-\d{6,9}`) to identify work items. While this involves processing external data, the risk of injection is mitigated by the narrow extraction logic and the requirement for explicit user confirmation in Step 7 before any issue is closed.
Audit Metadata