vcs-issue-creator
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- [SAFE] (SAFE): Comprehensive review of the skill files (SKILL.md, labels.md, templates.md) reveals no malicious commands, persistence mechanisms, or obfuscated content.
- [Indirect Prompt Injection] (LOW): The skill has a surface for indirect injection as it processes user-provided content to generate issues. Evidence:
  1. Ingestion points: User descriptions and repository data processed in the drafting phase (SKILL.md).
  2. Boundary markers: Not explicitly defined in the templates.
  3. Capability inventory: Access to issue creation via mcp__github__create_issue and mcp__gitlab__create_issue tools.
  4. Sanitization: No explicit sanitization or escaping logic is described in the provided markdown.

  Mitigation: The risk is categorized as LOW because the workflow strictly requires 'MITM Confirmation' where the agent must present the drafted issue to the user for approval before calling any creation tools.
- [Data Exposure] (SAFE): There are no hardcoded credentials, API keys, or attempts to access sensitive local system files like SSH keys or AWS credentials.
- [No Code] (SAFE): The skill is composed entirely of Markdown documentation and templates; it does not include executable scripts or external package dependencies.