gh-create-issue
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by reading content from .github/ISSUE_TEMPLATE/ and instructing the agent to 'Treat template files as the only source of truth'. Evidence: 1. Ingestion point: Template files in the local repository. 2. Boundary markers: Absent. 3. Capability inventory: Subprocess execution via the gh CLI, mktemp, and rm. 4. Sanitization: The skill uses a quoted heredoc (<<'EOF') for writing the issue body, but does not specify sanitization for title prefixes or labels extracted from the templates.
- [COMMAND_EXECUTION]: The skill utilizes several system commands to perform its tasks, including the GitHub CLI (gh) for issue management and shell utilities like mktemp for temporary file creation and rm for cleanup.
- [COMMAND_EXECUTION]: There is a potential risk of command injection if metadata provided within the repository's issue templates (such as title prefixes or label names) contains shell metacharacters and is passed directly to the gh command without proper agent-side validation or escaping.
Audit Metadata