mcore-create-issue
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from GitHub Actions logs and pull request metadata, which are then used to generate content for new GitHub issues.
- Ingestion points: The skill retrieves job logs via
gh apiand pull request metadata (titles, bodies) viagh pr viewfrom theNVIDIA/Megatron-LMrepository. - Boundary markers: There are no explicit instructions or delimiters used to ensure the agent ignores potentially malicious instructions embedded within the logs or PR data.
- Capability inventory: The skill has repository write access through the
gh issue createcommand, which allows it to post content back to the GitHub platform. - Sanitization: While the skill instructs the agent to limit the error snippet to 30 lines, there is no technical sanitization or escaping of the external content before it is interpolated into the issue body.
- [COMMAND_EXECUTION]: The skill executes multiple shell commands using the GitHub CLI (
gh) to perform its triage workflow. - Evidence: Workflow steps utilize
gh run view,gh api,gh pr view, andgh issue createto interact with GitHub's APIs and services. - [DATA_EXFILTRATION]: The skill performs network operations to fetch data from external sources (GitHub Actions and PR metadata).
- Evidence: Commands like
gh api repos/NVIDIA/Megatron-LM/actions/jobs/<job_id>/logsare used to retrieve logs from a remote repository. This activity is restricted to a well-known official repository and aligns with the skill's stated purpose.
Audit Metadata