Skills
skills/casret/pipedream/pd-github-create-issue/Gen Agent Trust Hub

pd-github-create-issue

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to run npx tsx to execute a local script. This is a standard and safe practice for running TypeScript tools.
  • [EXTERNAL_DOWNLOADS]: The use of npx may involve downloading the tsx package from the npm registry, which is a trusted and well-known service.
  • [PROMPT_INJECTION]: The skill accepts user-defined input via the --title and --body arguments in SKILL.md. This constitutes an indirect prompt injection surface (Category 8). Evidence: 1. Ingestion points: --title and --body arguments in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: Script execution interacting with the GitHub API. 4. Sanitization: Absent or unverifiable in the provided file stubs. This finding is considered low risk as the ingestion is necessary for the skill's primary function.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 10, 2026, 01:31 AM