develop-issue
Pass
Audited by Gen Agent Trust Hub on May 26, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides guidance for installing missing dependencies from GitHub repositories, including the vendor's own repository (`patinaproject/skills`) and a third-party developer's repository (`mattpocock/skills`). These instructions include the security-focused flag `npm_config_ignore_scripts=true`, which prevents the execution of potentially malicious lifecycle scripts during the installation process.
- [COMMAND_EXECUTION]: The workflow utilizes standard toolsets such as the GitHub CLI (`gh`) and the `skills` package runner to manage the development lifecycle. The commands are structured, non-arbitrary, and standard for the intended development environment.
- [DATA_EXFILTRATION]: The skill ingests content from GitHub issues to define development tasks. While this introduces a surface for untrusted content, the workflow explicitly mitigates risks by requiring human intervention if acceptance criteria are unclear or if the requirements conflict with repository rules.
Audit Metadata