qa
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the official GitHub CLI (gh) to search for and create repository issues. These operations are performed on a well-known service and are necessary for the skill's documented functionality.
- [DATA_EXFILTRATION]: User-provided bug descriptions are transmitted to GitHub for issue creation. This is the intended purpose of the skill and occurs following user input.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it ingests user input to generate commands and issue bodies.
- Ingestion points: User's verbal bug reports in SKILL.md (Step 1).
- Boundary markers: Structured templates are used for creating issues, but search keywords are taken directly from user input.
- Capability inventory: GitHub CLI operations (list, create) and codebase exploration via sub-agents.
- Sanitization: No specific sanitization or validation of user-provided keywords is defined; the skill relies on the agent's tool-calling implementation.
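The sanitization gap noted above is the control a practitioner would want to see closed. The following is an added example written for this audit page; it is not code from the audited skill or from Gen Agent Trust Hub. It is a hypothetical Python wrapper that allow-lists user-supplied keywords before they reach `gh issue list --search`, places user text into a fixed issue template, and builds `gh` argument vectors instead of shell strings. The repository name, the keyword pattern, the length limits and the template layout are assumptions.

```python
"""Hypothetical keyword sanitization and shell-free gh invocation.

Added example for this audit; it is not the audited skill's own code.
"""
import re
import shlex
import subprocess
from typing import Optional, Sequence

# A keyword must start with an alphanumeric/underscore (so it can never be
# mistaken for a flag) and may contain only characters that are harmless in a
# GitHub search query.  Colons are excluded on purpose: that is what stops a
# user from smuggling qualifiers such as `repo:` or `org:` into the search.
KEYWORD_RE = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.\-/]{1,39}$")
MAX_KEYWORDS = 8      # assumption: enough for a useful duplicate search


def sanitize_keywords(raw: str) -> list[str]:
    """Reduce a free-form bug report to an allow-listed, de-duplicated keyword list."""
    keywords: list[str] = []
    for token in raw.split():
        if KEYWORD_RE.match(token) and token not in keywords:
            keywords.append(token)
        if len(keywords) == MAX_KEYWORDS:
            break
    return keywords


def build_search_argv(repo: str, keywords: Sequence[str]) -> list[str]:
    """argv for `gh issue list`.  The query is one argument passed as
    `--search=<query>`, so no shell ever sees the user's words."""
    query = " ".join(keywords)
    return [
        "gh", "issue", "list", "--repo", repo, "--state", "open",
        "--limit", "20", "--json", "number,title", f"--search={query}",
    ]


def render_body(description: str, steps: str) -> str:
    """Fixed template.  User text is indented into Markdown code blocks so a
    later reader (human or agent) sees it as quoted data, not as headings,
    links or instructions of its own."""
    def quote(text: str) -> str:
        return "\n".join("    " + line for line in text.strip().splitlines())
    return (
        "## Description\n\n" + quote(description) + "\n\n"
        "## Steps to reproduce\n\n" + quote(steps) + "\n"
    )


def build_create_argv(repo: str, title: str) -> list[str]:
    """argv for `gh issue create`.  The body is read from stdin via
    `--body-file -`, so multi-line user text never lands on a command line."""
    clean_title = " ".join(title.split())[:200]   # single line, bounded length
    return ["gh", "issue", "create", "--repo", repo,
            "--title", clean_title, "--body-file", "-"]


def run_gh(argv: Sequence[str], stdin_text: Optional[str] = None) -> str:
    """Execute gh with an argv list (shell=False): metacharacters in user input
    are passed through as literal bytes, never interpreted by a shell."""
    result = subprocess.run(list(argv), input=stdin_text, text=True,
                            capture_output=True, check=True)
    return result.stdout


if __name__ == "__main__":
    # Constructed sample report containing shell metacharacters, a flag-looking
    # token and a search qualifier; none of them survive sanitization.
    report = "login fails with `rm -rf /`; repo:other --help 500 error"
    kws = sanitize_keywords(report)
    print(kws)
    print(shlex.join(build_search_argv("octo/app", kws)))
    print(shlex.join(build_create_argv("octo/app", "Login fails\nwith 500")))
    print(render_body(report, "## not a heading\n1. open /login"))
```

Two details carry the weight here: `subprocess.run` receives a list, so nothing the user typed is ever parsed by a shell, and the search value is attached with `--search=` so that even a value beginning with `-` cannot be read as a separate flag. The allow-list is deliberately narrow; a skill that needs richer queries should widen the pattern rather than drop the check.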
Audit Metadata