Skills
skills/arisng/github-copilot-fc/md-issue-writer/Gen Agent Trust Hub

md-issue-writer

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: In scripts/create_issue.py, the script executes os.system(f'python {script}') to trigger metadata extraction. The script path, derived from the file system, is not quoted. If the skill is installed in a directory containing spaces or shell metacharacters (e.g., ;, &), it could lead to arbitrary command execution.
  • [EXTERNAL_DOWNLOADS]: The scripts/extract_issue_metadata.py file imports the yaml (PyYAML) library, but the skill does not provide a requirements.txt or similar manifest to declare this dependency or ensure a verified version is used.
  • [PROMPT_INJECTION]: The skill implements an indirect prompt injection surface.
  • Ingestion points: Reads all .md files in .docs/issues/ or _docs/issues/ to extract metadata.
  • Boundary markers: None; the script parses YAML frontmatter and regex-matched text directly from user-controlled or external files.
  • Capability inventory: The skill has file-write capabilities (generating index.md).
  • Sanitization: There is no sanitization of the metadata extracted (e.g., title, author, status) before it is written into the index.md summary table. If an attacker places a malicious markdown file with instructions in the metadata fields, an agent reading the resulting index could be manipulated.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 9, 2026, 11:17 PM