create-issue

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use the gh CLI to create issues and perform API calls. It explicitly suggests using GIT_SSL_NO_VERIFY=1 in sandbox environments, which disables TLS certificate verification. This is a security risk that could allow an attacker to intercept or modify communication between the agent and GitHub.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests untrusted user input to generate GitHub issues.
      • Ingestion points: User descriptions and task breakdowns in Step 1.
      • Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the issue body templates.
      • Capability inventory: The skill has the capability to write to external repositories via gh issue create and gh api POST requests.
      • Sanitization: No sanitization or validation of the user-provided text is performed before it is passed to the shell commands or API calls.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 16, 2026, 09:50 PM