issue-implement
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by processing untrusted external data.
- Ingestion points: The skill reads GitHub issue content, labels, and status using `gh issue view` and `gh api` in steps 1, 2, 3, and 5 of `SKILL.md`.
- Boundary markers: No explicit boundary markers or instructions to disregard embedded instructions within the issue body are defined.
- Capability inventory: The skill has extensive capabilities, including file system writes (implementation in step 5), shell command execution (git, gh), and network access to GitHub.
- Sanitization: There is no mention of sanitizing or escaping the content retrieved from GitHub issues before using it to guide development or populating PR descriptions.
- [COMMAND_EXECUTION]: The skill frequently executes shell commands via the `gh` (GitHub CLI) and `git` tools. While these are legitimate tools for its purpose, the commands are driven by the context provided in external GitHub issues, creating a risk if those issues contain malicious instructions.
Audit Metadata