spec-to-issue

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE

Findings: COMMAND_EXECUTION
Full Analysis
  • COMMAND_EXECUTION (LOW): The skill generates shell commands for the gh (GitHub) CLI. While the issue body uses a quoted heredoc (cat <<'EOF') to mitigate injection, the --title argument interpolates values directly into double quotes. This allows for potential command injection or argument modification if a specification document's title contains characters such as backticks or unescaped quotes.
  • INDIRECT_PROMPT_INJECTION (LOW):
      ◦ Ingestion points: Reads data from .specs/requirement.md, .specs/design.md, and .specs/tasks.md.
      ◦ Boundary markers: Absent. The instructions do not define delimiters or warn the agent to ignore instructions embedded in the specs.
      ◦ Capability inventory: Possesses network and write capabilities via the gh issue create and gh project item-add commands.
      ◦ Sanitization: Absent. The skill extracts and interpolates text without specifying sanitization or validation logic for the agent to follow.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:49 PM