triage-issue
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted content from GitHub issue titles, bodies, and comments, creating an indirect prompt injection surface.
  - Ingestion points: External data enters the agent context in Step 1 through the `gh issue view` command.
  - Boundary markers: There are no explicit delimiters used to separate the untrusted issue content from the internal instructions passed to the sub-agent in Step 4.
  - Capability inventory: The skill utilizes `gh issue edit` and `gh issue comment` to modify the state of the repository based on analyzed content.
  - Sanitization: No sanitization is performed on the incoming issue text before it is evaluated.
  - Mitigation: The risk is addressed through the primary logic of the skill, which instructs the sub-agent to use a "skeptical lens" and requires human intervention for the final `state:agent-ready` label, as specified in the safety controls.
- [COMMAND_EXECUTION]: The skill uses the `gh` CLI to interact with GitHub. All operations (listing, viewing, editing issues) are performed on the repository the agent is currently operating within. The commands are standard for the tool's triaging purpose.
- [EXTERNAL_DOWNLOADS]: The skill references an external document (`CONTRIBUTING.md`) located in the NVIDIA/OpenShell GitHub repository. This is a reference to the author's own official documentation and is considered safe.
Audit Metadata