codex-issue-digest
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The Python script
scripts/collect_issue_digest.pyexecutes the GitHub CLI (gh) andgitviasubprocess.runto retrieve issue data and repository metadata. This behavior is expected for the skill's intended use. The implementation uses list-based arguments which prevents command injection at the shell level.\n- [PROMPT_INJECTION]: The skill processes untrusted user-contributed content from GitHub, creating a surface for indirect prompt injection.\n - Ingestion points: Data is fetched from GitHub issue titles, descriptions, and comments via
scripts/collect_issue_digest.py.\n - Boundary markers: The skill lacks explicit instructions or markers to help the agent distinguish between its instructions and the data being processed.\n
- Capability inventory: The skill performs command execution to fetch data and then processes that data to create a summary.\n
- Sanitization: The script performs basic text cleaning and truncation but does not sanitize the content for malicious prompt instructions.
Audit Metadata