fix-security-issue

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes standard development tools including git, gh (GitHub CLI), and mise. These tools are used for their intended purposes: managing branches, fetching issue metadata, running local pre-commit hooks, and creating pull requests.
  • [EXTERNAL_DOWNLOADS]: The skill fetches issue details and remediation plans from GitHub. Interactions with this well-known and trusted service for project management are considered safe behavior.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface, because it processes instructions (remediation plans) taken from issue comments. The audit considers this risk mitigated by the following architectural safeguards:
    • Ingestion points: Untrusted data enters the context via issue comments fetched through the gh issue view command in SKILL.md.
    • Boundary markers: The skill checks for the security-review-agent marker string to locate the comment written by the trusted automated process. Because anyone who can comment on the issue can also type that string, the marker selects the expected comment rather than authenticating its author; the label gate below is the control that carries the trust decision.
    • Capability inventory: The skill can write code, create commits and branches, push to the remote repository, and execute project hooks via mise (Steps 5 and 8 of SKILL.md), so a plan that was acted on blindly would have real write access to the repository.
    • Sanitization: Rather than filtering the comment text, the skill enforces a strict manual gate: the agent proceeds only if the topic:security and state:agent-ready labels have been applied by a human operator, which keeps unvetted content from being processed.
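The gate described above (required labels plus a marked remediation-plan comment) as an added example in Python; this is not the skill's own code. The issue document follows the shape of `gh issue view <number> --json labels,comments` output, the sample issue is constructed, and the exact marker literal (`security-review-agent` as a bare string) is an assumption.

```python
"""Gate check for the fix-security-issue flow.

Added example, not code from the skill. The agent should only act when both
required labels are present and exactly one comment carries the marker.
"""
import json

REQUIRED_LABELS = frozenset({"topic:security", "state:agent-ready"})
MARKER = "security-review-agent"  # assumed literal; the skill's exact marker format may differ


def missing_labels(issue):
    """Return the required labels that are not applied to the issue, sorted."""
    present = {label["name"] for label in issue.get("labels", [])}
    return sorted(REQUIRED_LABELS - present)


def marked_comments(issue, marker=MARKER):
    """Return the body of every comment that carries the marker string."""
    return [c["body"] for c in issue.get("comments", []) if marker in c.get("body", "")]


def gate(issue):
    """Decide whether the agent may proceed.

    Returns (allowed, reason, plan). The labels are checked first because they
    are the human-applied control; the marker only locates the plan comment.
    The returned plan is untrusted text for review, not an instruction to run.
    """
    missing = missing_labels(issue)
    if missing:
        return False, "missing labels: " + ", ".join(missing), None
    plans = marked_comments(issue)
    if not plans:
        return False, "no comment carries the %s marker" % MARKER, None
    if len(plans) > 1:
        return False, "ambiguous: %d comments carry the marker" % len(plans), None
    return True, "labels and marker present", plans[0]


# Constructed sample shaped like `gh issue view 123 --json labels,comments`.
SAMPLE_ISSUE = json.loads("""
{
  "labels": [{"name": "topic:security"}, {"name": "state:agent-ready"}],
  "comments": [
    {"author": {"login": "someuser"},
     "body": "Can we also refactor the logger while we are at it?"},
    {"author": {"login": "review-bot"},
     "body": "security-review-agent\\nRemediation plan:\\n1. Validate the redirect target against an allow-list."}
  ]
}
""")

if __name__ == "__main__":
    allowed, reason, plan = gate(SAMPLE_ISSUE)
    print(allowed, reason)
    if allowed:
        print(plan)
```

In practice the JSON would come from the `gh issue view --json labels,comments` call rather than an embedded string; the rest of the check is unchanged. Note that the comment author is deliberately not used as a signal here, since the page describes only the marker and the labels as the skill's checks.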
Audit Metadata
Risk Level: SAFE
Analyzed: May 14, 2026, 07:46 AM
Security Audit — agent-trust-hub — fix-security-issue