100Critical
The skill facilitates remote code execution and prompt injection via untrusted GitHub issues while exposing sensitive API keys and bypassing security constraints through undeclared tool and network access.
Skill Info
Namegoogle-labs-code/jules-skills/automate-github-issues
Registrygithub
Version7a76d3bfcf42
PURLpkg:github/google-labs-code/jules-skills@7a76d3bfcf42?skill=automate-github-issues
Stars72
Installs640
Source
Install
This skill has been flagged as potentially malicious. Review the findings below before installing.
GitHub
640 installs
Skills.shDocs
npx skills add https://github.com/google-labs-code/jules-skillsAssessments (4)
AI Agent Traps ↗Remote code download and execution detectedcriticalcommand executionAML.T0050AML.T0053AML.T0072LLM05:2025LLM06:2025
Remote code download and execution detected
100% confidenceline 136
curl -fsSL https://bun.sh/install | bash
Unrestricted sub-agent spawninghighsub agent spawningAML.T0053AML.T0051.001LLM06:2025
The skill instructs the agent to set up a system that automatically spawns parallel 'Jules' coding agents based on external GitHub issue content, creating an uncontrolled execution loop.
90% confidence
Dispatch parallel Jules sessions, one per task
Credential exposure via environment variablesmediumcredential theftAML.T0055AML.T0037LLM02:2025
The skill encourages users to pass JULES_API_KEY and GITHUB_TOKEN as environment variables to scripts, which are often logged in CI/CD history or process lists.
80% confidenceline 109
JULES_API_KEY=<key> bun fleet-dispatch.ts
Indirect prompt injection vectorhighindirect prompt injection
The pipeline fetches external GitHub issues and feeds them directly into 'Jules' coding agents as task prompts, allowing an attacker to inject malicious instructions via issue comments.
80% confidence
Fetch open issues and format as structured markdown... A Jules session performs deep code-level triage
Referenced file missing from skill packagelowpolicy violation
SKILL.md links to "resources/architecture.md" but the file is not part of the skill package — the workflow silently degrades or the content is sourced elsewhere at runtime
90% confidence
[Architecture Overview](resources/architecture.md)
Missing licenseinfopolicy violation
Skill does not specify a license field. Specifying a license helps users understand usage terms.
100% confidence
Badge
Markdown
[](https://mondoo.com/ai-agent-security/skills/github/google-labs-code/jules-skills/automate-github-issues)HTML
<a href="https://mondoo.com/ai-agent-security/skills/github/google-labs-code/jules-skills/automate-github-issues"><img src="https://mondoo.com/ai-agent-security/api/badge/github/google-labs-code/jules-skills/automate-github-issues.svg" alt="Mondoo Skill Check" /></a>Image URL
https://mondoo.com/ai-agent-security/api/badge/github/google-labs-code/jules-skills/automate-github-issues.svgSecure your AI agents
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.
- Continuous scanning of skills across all registries
- Policy enforcement before skills reach your agents
- Integration with your existing security workflow