build-from-issue

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes various local shell commands using gh (GitHub CLI) for issue management, git for repository operations (branching, commits, pushes), and mise for running pre-commit hooks and end-to-end test suites.
  • [EXTERNAL_DOWNLOADS]: The skill retrieves issue content, comments, and repository metadata from GitHub, which are used to inform the implementation plan and workflow state.
  • [PROMPT_INJECTION]: Because the skill processes untrusted content from GitHub issues and comments, it has an inherent surface for indirect prompt injection. This risk is effectively mitigated by several design choices:
      • Ingestion points: Untrusted data enters the agent context via gh issue view commands in SKILL.md (Steps 1 and 2).
      • Boundary markers: The skill uses explicit markers (🏗️ build-plan and 🏗️ build-from-issue-agent) to distinguish agent-generated content from human feedback and third-party inputs.
      • Capability inventory: The agent has the capability to write code to the local file system, execute shell commands through the project's test runner (mise), and push changes to remote repositories.
      • Sanitization: The skill relies on sub-agent review (principal-engineer-reviewer) and, most critically, a mandatory human authorization gate (state:agent-ready label) before any execution occurs.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 14, 2026, 07:46 AM
Security Audit — agent-trust-hub — build-from-issue