work-on-issues

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill automates repository management using git and the GitHub CLI (gh). These commands are used to create worktrees, manage branches, edit labels, and create pull requests, which are the primary functions of the skill.
  • [EXTERNAL_DOWNLOADS]: The skill executes bun install within a new git worktree. This command fetches the necessary project dependencies from official registries as specified in the repository's configuration files.
  • [SAFE]: The skill processes external data by reading GitHub issue descriptions and comments through gh issue view.
  • Ingestion points: Issue content and comments retrieved in Step 4 of SKILL.md.
  • Boundary markers: No explicit delimiters are specified for the ingested content.
  • Capability inventory: The agent has the capacity to execute shell commands (git, gh, bun) and push changes to the repository.
  • Sanitization: The instructions do not define specific sanitization or filtering steps for the ingested issue text. This constitutes an inherent attack surface for indirect prompt injection, which is standard for autonomous issue workers.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 07:45 AM
Security Audit — agent-trust-hub — work-on-issues