skills/t0dorakis/murmur/triage-issues/Gen Agent Trust Hub

triage-issues

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests untrusted data from GitHub issue bodies and comments to determine autonomous triage actions. Ingestion points: SKILL.md Step 2 and 3a fetch external content via the gh CLI. Boundary markers: No delimiters or instructions are used to prevent the agent from obeying commands embedded in issue text. Capability inventory: The agent can modify labels, post comments, and close issues. Sanitization: There is no evidence of filtering or validation for ingested content.
  • [DATA_EXFILTRATION]: The instruction to read files in the codebase referenced by an issue creates a surface for sensitive data exposure. A malicious issue could reference sensitive project files such as .env or configuration files, which the agent is instructed to read, potentially exposing their contents in subsequent triage comments.
  • [COMMAND_EXECUTION]: The skill utilizes the gh CLI for all repository interactions. These commands allow the agent to perform write actions, such as creating labels and closing issues, based on its interpretation of external, untrusted data.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 06:36 PM
Security Audit — agent-trust-hub — triage-issues