issue-analyze
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
PROMPT_INJECTION
COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from GitHub issues and PR review comments, which presents an inherent indirect prompt injection surface.
  - Ingestion points: Untrusted data enters the context during Phase 1 via `gh issue view` or direct user input for review threads (SKILL.md).
  - Boundary markers: The documentation specifies an "anti-anchoring" requirement for the verification step to prevent Claude's conclusions from influencing the second model, though specific delimiters for the external content itself are not defined in the provided files.
  - Capability inventory: The skill can read files, search the codebase, and execute restricted `git` and `gh` commands (SKILL.md allowed-tools).
  - Sanitization: There is no description of content sanitization or escaping for the issue/comment text before it is processed or used in the investigation workflow.
- [COMMAND_EXECUTION]: The skill uses scoped shell access to gather repository state and issue metadata.
  - Evidence: It uses `gh issue view` and various `git` commands (Phases 1 and 3, and the Standard Research Block) to carry out diagnostic tasks (SKILL.md).
Audit Metadata