mcore-create-issue

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from GitHub Actions logs and pull request metadata, which are then used to generate content for new GitHub issues.
  • Ingestion points: The skill retrieves job logs via gh api and pull request metadata (titles, bodies) via gh pr view from the NVIDIA/Megatron-LM repository.
  • Boundary markers: There are no explicit instructions or delimiters used to ensure the agent ignores potentially malicious instructions embedded within the logs or PR data.
  • Capability inventory: The skill has repository write access through the gh issue create command, which allows it to post content back to the GitHub platform.
  • Sanitization: While the skill instructs the agent to limit the error snippet to 30 lines, there is no technical sanitization or escaping of the external content before it is interpolated into the issue body.
  • [COMMAND_EXECUTION]: The skill executes multiple shell commands using the GitHub CLI (gh) to perform its triage workflow.
  • Evidence: Workflow steps utilize gh run view, gh api, gh pr view, and gh issue create to interact with GitHub's APIs and services.
  • [DATA_EXFILTRATION]: The skill performs network operations to fetch data from external sources (GitHub Actions and PR metadata).
  • Evidence: Commands like gh api repos/NVIDIA/Megatron-LM/actions/jobs/<job_id>/logs are used to retrieve logs from a remote repository. This activity is restricted to a well-known official repository and aligns with the skill's stated purpose.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 04:34 PM
Security Audit — agent-trust-hub — mcore-create-issue