fix-issue
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFE PROMPT_INJECTION DATA_EXFILTRATION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted GitHub issue titles, bodies, and comments. It proactively addresses this risk with a dedicated 'Security policy' that instructs the agent to treat issue content strictly as data, not instructions. It mandates a silent 'Security abort' if prompt injection is suspected, preventing the agent from being manipulated into performing unauthorized actions or posting exfiltrated data.
- [DATA_EXFILTRATION]: The skill strictly prohibits sending data to external services and forbids the use or modification of API keys and secrets. All network-related operations are confined to official GitHub repository interactions using `gh` and `git` for the intended purpose of issue resolution and PR creation.
- [COMMAND_EXECUTION]: Bash usage is heavily restricted to prevent abuse. The skill prohibits command chaining (pipes, redirects, `&&`, `;`), the use of non-allowlisted utilities like `cat` or `find`, and any attempts to bypass tool restrictions. It requires the use of specific platform-provided tools for file operations and workspace inspection.
- [SAFE]: The skill demonstrates excellent security hygiene by establishing clear boundaries for data ingestion (GitHub issues and CI logs) and providing explicit guidance on least-privilege tool usage. The use of `--body-file` for GitHub commands is a notable best practice to prevent shell mangling and injection.
Audit Metadata