create-issue

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from GitHub Action logs and PR metadata. This content is interpolated into the agent's context and used to generate GitHub issue bodies without boundary markers or instructions to ignore embedded commands within the logs.
    • Ingestion points: The <github-actions-run-or-job-url> argument and the output from gh api .../logs and gh pr view serve as untrusted input sources.
    • Boundary markers: No specific delimiters (like XML tags or triple quotes) or 'ignore embedded instructions' warnings are used when processing log content or PR descriptions.
    • Capability inventory: The skill has broad capabilities including executing shell commands via the GitHub CLI (gh), reading repository data, and creating/assigning issues on GitHub.
    • Sanitization: There is no evidence of sanitization or validation of the extracted log snippets or PR titles before they are used in commands or prompt construction.
  • [COMMAND_EXECUTION]: The skill relies heavily on the gh command-line tool to interact with GitHub. It interpolates variables extracted from user-provided URLs (like <run_id>, <job_id>, and <pr_number>) directly into shell commands. If the parsing logic for the initial URL is circumvented, it could lead to command injection.
  • [EXTERNAL_DOWNLOADS]: The skill fetches log data and metadata from GitHub's official API (repos/NVIDIA/Megatron-LM/...). This is a standard operation for the skill's purpose and utilizes a trusted service provider.
Audit Metadata
Risk Level: SAFE
Analyzed: May 3, 2026, 07:06 AM