gh-issue-report
Pass
Audited by Gen Agent Trust Hub on May 30, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the GitHub CLI (`gh`) for listing, creating, and retrieving issues, as well as `git` for remote verification. Standard utilities like `grep` and `base64` are used for processing file lists and decoding API responses. These operations are consistent with the skill's stated purpose of managing GitHub issues.
- [DATA_EXFILTRATION]: The skill reads code and repository metadata to construct bug reports. Potential risk of leaking sensitive code is mitigated by a mandatory approval step in Phase 5, where the agent must present the full title, labels, and body to the user for review before executing the `gh issue create` command.
- [EXTERNAL_DOWNLOADS]: Repository content, contributing guides, and issue templates are fetched via the GitHub API. This is standard behavior for the intended use case, and the GitHub API is a well-known service.
- [PROMPT_INJECTION]: The skill processes untrusted data from repository files (e.g., `CONTRIBUTING.md`, source code), creating a surface for indirect prompt injection. An attacker could embed instructions in these files to manipulate the agent's drafted issue. The impact is limited by the user review requirement.
  - Ingestion points: `CONTRIBUTING.md`, `.github/ISSUE_TEMPLATE/` files, and source code files identified during the lightweight pass (SKILL.md).
  - Boundary markers: Absent; the agent is not instructed to ignore embedded instructions in the ingested files.
  - Capability inventory: `gh issue create`, `gh api`, and shell command execution (SKILL.md).
  - Sanitization: None; content is fetched and base64-decoded directly into the agent's context without filtering.
Audit Metadata