Skills
skills/yigitkonur/skills-by-yigitkonur/run-issue-plan/Gen Agent Trust Hub

run-issue-plan

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an Indirect Prompt Injection surface (Category 8).\n
  • Ingestion points: The skill reads external data from GitHub using gh issue view and gh api to fetch issue bodies, sub-issue titles, and recent comments as documented in SKILL.md (Phase 3) and references/subagent-dispatch.md.\n
  • Boundary markers: The prompt template in references/subagent-dispatch.md uses Markdown headers to structure the output, but lacks explicit 'ignore embedded instructions' warnings for the untrusted content.\n
  • Capability inventory: The agent possesses the ability to execute GitHub CLI commands, run local bash scripts (scripts/read-tree.sh), and dispatch subagents with auto mode enabled.\n
  • Sanitization: The instructions explicitly direct the agent to extract sections from the issue body 'verbatim', with no sanitization or filtering to prevent malicious instructions embedded in the issue or its comments from influencing subagent behavior.\n- [COMMAND_EXECUTION]: The skill utilizes local shell commands and scripts to perform its logic.\n
  • It uses the gh CLI tool for all GitHub-related operations, including viewing, listing, and editing issues.\n
  • It executes a local bash script scripts/read-tree.sh within its own directory to recursively process and display the issue hierarchy.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 05:56 AM