skills/ilteoood/harness/github-issues/Gen Agent Trust Hub

github-issues

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on the GitHub CLI (gh) and its api subcommand to perform write operations, such as creating, updating, and commenting on issues, as the current MCP server is limited to read operations.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes untrusted content from GitHub issues, comments, and project items.
      • Ingestion points: mcp__github__issue_read, mcp__github__list_issues, and various GraphQL search/list operations.
      • Boundary markers: None identified in the prompt instructions to isolate external data from the agent's control logic.
      • Capability inventory: Full write access to issues, comments, labels, and project metadata via gh api (REST/GraphQL) and mcp__github__projects_write.
      • Sanitization: No explicit sanitization or validation logic is defined for the data retrieved from GitHub before it is used to influence further actions.
  • [SAFE]: All documented operations target official GitHub APIs and use standard authentication workflows. The inclusion of a JavaScript template for puppeteer-core in references/images.md is provided as a legitimate developer utility for generating issue mockups.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 19, 2026, 02:45 PM