report-issue
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell commands including
git log,git remote, andgh auth statusto gather context about the project and environment. It also usesgh issue createto perform its primary function of submitting bug reports. - [DATA_EXFILTRATION]: Repository metadata and user-provided bug details are sent to GitHub. This network operation targets a well-known service (GitHub) and is the explicit and intended purpose of the skill.
- [PROMPT_INJECTION]: The skill processes untrusted input from both user responses and the local codebase (via file exploration and git history). While this creates a surface for indirect prompt injection, the risk is inherent to the skill's purpose, and the instructions specifically mitigate command injection risks by recommending the use of temporary files and proper escaping for the GitHub CLI command arguments.
Audit Metadata