bug
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using
gh(GitHub CLI) andgitto manage repository data and issues. These commands are legitimate and limited to the skill's stated purpose of filing bug reports. - [EXTERNAL_DOWNLOADS]: The skill interacts with the official GitHub API and repository endpoints to retrieve metadata and post issues. These operations target well-known and trusted services.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the processing of untrusted user input to generate issue drafts. 1. Ingestion points: User-provided bug descriptions and stack traces in Phase 2. 2. Boundary markers: Absent (user content is interpolated directly into a markdown template). 3. Capability inventory: Ability to create issues and labels via the Bash tool. 4. Sanitization: None provided in the instructions. Note: The risk of malicious instruction execution is significantly reduced by the mandatory human-in-the-loop confirmation required in Phase 3 before any state-changing command is executed.
Audit Metadata