github-triage
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data by reading GitHub issue bodies and comments to build context and generate triage recommendations. This content could potentially contain malicious instructions designed to influence the agent's behavior during the triage process.
- Ingestion points: Reads full issue bodies and all comments during the context-gathering phase in
SKILL.md. - Boundary markers: None. The skill does not explicitly use delimiters or instruction-ignore warnings when interpolating issue content into its processing context.
- Capability inventory: The skill uses the
ghCLI for posting comments, applying labels, and closing issues. It also performs file writes to the.out-of-scope/directory in the local repository. - Sanitization: None. The skill does not describe specific sanitization or validation of the ingested issue content.
- Mitigation: The risk is significantly mitigated by a human-in-the-loop (HITL) design. The skill presents all recommendations to the maintainer and waits for explicit direction before taking any actions on GitHub or the filesystem.
Audit Metadata