github-issue-query

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The script query-issues.sh executes the official GitHub CLI (gh) and the jq utility. All variables derived from input arguments (such as --repo, --state, and --jq) are correctly double-quoted when passed to the commands, preventing command injection vulnerabilities. The script also limits the data retrieved to a specific set of JSON fields.
  • [PROMPT_INJECTION]: The skill processes untrusted content from GitHub issues, which serves as an ingestion point for indirect prompt injection.
  • Ingestion points: Issue titles, bodies, and comments are fetched from GitHub repositories via the gh issue list command in query-issues.sh.
  • Boundary markers: The data is returned as structured JSON, though it lacks explicit delimiters or instructions for the agent to ignore instructions embedded in the issue content.
  • Capability inventory: The skill environment includes access to the GitHub CLI and jq for data processing.
  • Sanitization: No filtering or sanitization of the retrieved issue text is performed.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 24, 2026, 06:38 AM