Skills
skills/xiaojiongqian/skills-hub/gh-issue-autodev/Gen Agent Trust Hub

gh-issue-autodev

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes external data from GitHub issues to drive its development workflow, creating a surface for indirect prompt injection.
  • Ingestion points: Fetches issue title, body, and labels using gh issue view <issue_number> in SKILL.md.
  • Boundary markers: Absent; there are no delimiters or specific instructions to ignore embedded commands within the fetched issue content.
  • Capability inventory: The skill has broad capabilities including shell command execution (gh, git, npm), file modification (implementation phase), and access to local credentials (Keychains and .env files).
  • Sanitization: Absent; the agent is instructed to directly "Classify the issue" and "Implement the fix or feature" based on the untrusted input from GitHub.
  • [DATA_EXFILTRATION]: The skill is configured to access sensitive local files and credential stores to facilitate automated testing.
  • Evidence: The workflow in SKILL.md explicitly instructs the agent to source "$HOME/.config/taledraw-test.env" if it exists and to retrieve values from the MacOS Keychain using identifiers like codex-talelens-test-email and codex-talelens-test-password.
  • [COMMAND_EXECUTION]: The skill utilizes the system shell to perform git operations, GitHub CLI interactions, and project-specific build or test scripts.
  • Evidence: Execution of gh auth status, gh issue view, git push, and various quality check commands such as lint, tsc, and playwright.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 18, 2026, 10:39 AM