create-git-issue

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its data ingestion process.
    • Ingestion points: Fetches issue bodies and comments from external references or URLs in Step 2.
    • Boundary markers: No explicit delimiters or instructions to treat external issue content as untrusted data are provided.
    • Capability inventory: Utilizes the gh CLI for network operations and shell execution; writes prd.md and issues.md to the workspace root.
    • Sanitization: No explicit sanitization or validation of the fetched issue content is performed before interpolation into generated drafts.
  • [COMMAND_EXECUTION]: The skill provides shell command templates that incorporate variables derived from user input or external content.
    • Evidence: The instruction to use gh issue create --title "<PRD title>" relies on the agent for proper escaping. While double quotes are specified in the template, the absence of explicit sanitization for shell metacharacters within titles or filenames presents a vulnerability surface.
Audit Metadata
Risk Level
SAFE
Analyzed
May 9, 2026, 04:54 PM