create-plan
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted input from GitHub issues via the
ghcommand, creating a surface for indirect prompt injection where malicious instructions in an issue could influence the generated plan.\n - Ingestion points: GitHub issue content fetched via
gh issue view <number>(SKILL.md).\n - Boundary markers: None present in the skill instructions to separate issue content from agent instructions.\n
- Capability inventory: File system read/write, bash command execution, and codebase auditing.\n
- Sanitization: None; the skill relies on the LLM to summarize and map content into a markdown template.\n- [COMMAND_EXECUTION]: The skill uses the GitHub CLI (
gh) to view issues. This is a functional requirement for the skill's purpose and uses a well-known, trusted service.
Audit Metadata