do-issues
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill demonstrates a surface for indirect prompt injection by processing external data from GitHub issues.
- Ingestion points: Content is retrieved from untrusted sources via
gh issue listandgh issue view(SKILL.md). - Boundary markers: The instructions lack specific delimiters or instructions to ignore embedded commands within the processed issue text.
- Capability inventory: The skill permits searching the codebase, writing source code, and executing tests which may involve arbitrary shell commands (SKILL.md).
- Sanitization: There is no evidence of sanitization or verification of the issue content before the agent uses it to plan and implement changes.
Audit Metadata