mcore-create-issue

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill extensively uses the GitHub CLI (gh) to perform repository operations, including viewing action runs, fetching logs, querying pull request metadata, and creating issues. These commands are consistent with the skill's primary purpose of triaging CI failures within the NVIDIA/Megatron-LM repository.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external sources.
      • Ingestion points: GitHub Actions logs are retrieved via gh api repos/NVIDIA/Megatron-LM/actions/jobs/<job_id>/logs, and PR metadata is fetched via gh pr view.
      • Boundary markers: The instructions do not specify protective delimiters or "ignore instructions" wrappers when interpolating log content into the issue body or processing it for root cause analysis.
      • Capability inventory: The skill possesses the capability to create and assign issues in a GitHub repository (gh issue create), which could be misused if malicious instructions are embedded in the logs being triaged.
      • Sanitization: While the skill truncates log snippets to 30 lines, there is no explicit sanitization to filter out potential prompt injection attacks contained within the logs or PR descriptions.
  • [SAFE]: All external interactions and API calls are scoped specifically to the NVIDIA/Megatron-LM repository, which is consistent with the skill's authorship and stated context. There are no indications of data exfiltration to non-whitelisted domains or unauthorized credential access.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 22, 2026, 06:56 AM
Security Audit — agent-trust-hub — mcore-create-issue