report-issue

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell commands including git log, git remote, and gh auth status to gather context about the project and environment. It also uses gh issue create to perform its primary function of submitting bug reports.
  • [DATA_EXFILTRATION]: Repository metadata and user-provided bug details are sent to GitHub. This network operation targets a well-known service (GitHub) and is the explicit and intended purpose of the skill.
  • [PROMPT_INJECTION]: The skill processes untrusted input from both user responses and the local codebase (via file exploration and git history). While this creates a surface for indirect prompt injection, the risk is inherent to the skill's purpose, and the instructions specifically mitigate command injection risks by recommending the use of temporary files and proper escaping for the GitHub CLI command arguments.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 06:39 AM
Security Audit — agent-trust-hub — report-issue