Skills
skills/vamseeachanta/workspace-hub/extract-learnings-to-issues/Gen Agent Trust Hub

extract-learnings-to-issues

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: Utilizes the GitHub CLI (gh) to manage repository issues, including searching, listing, viewing, commenting, and closing issues.
  • [COMMAND_EXECUTION]: Performs directory navigation to /mnt/local-analysis/workspace-hub and temporary file creation in /tmp using heredocs (<< 'EOF'), which is a security best practice that prevents shell variable expansion in generated content.
  • [DATA_EXFILTRATION]: Routes user-provided reflections to GitHub issues. This is the primary intended function of the skill and uses official tooling (gh) to move data to a user-specified destination.
  • [PROMPT_INJECTION]: Ingests unstructured user input for processing. This represents a surface for indirect prompt injection.
  • Ingestion points: User reflections and learnings processed in Phase 1.
  • Boundary markers: Uses 'EOF' in the shell heredoc to treat user content as static text.
  • Capability inventory: Uses gh issue comment and gh issue close.
  • Sanitization: Relies on the agent's 'distillation' phase to extract themes rather than executing user content directly.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 9, 2026, 02:17 AM
Security Audit — agent-trust-hub — extract-learnings-to-issues