Skills
skills/fandhe-ai/agent-cli-skills/project-create-issues/Gen Agent Trust Hub

project-create-issues

Warn

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill explicitly recommends using GIT_SSL_NO_VERIFY=1 when running in sandbox environments. This environment variable disables TLS certificate verification for Git-based operations (including the gh CLI), which facilitates Man-in-the-Middle (MitM) attacks, allowing an attacker to intercept or modify communication with GitHub.
  • [COMMAND_EXECUTION]: The skill fetches external content from GitHub Project draft items (titles and bodies) and interpolates them directly into shell commands: gh issue create --title "<ドラフトのタイトル>" --body "<ドラフトの本文>". If the draft content contains shell-sensitive characters (like backticks, semicolons, or command substitutions) and is not properly handled by the agent, it could lead to arbitrary command execution on the host system.
  • [COMMAND_EXECUTION]: The skill processes untrusted external data with the following risk factors (Indirect Prompt Injection surface):
  • Ingestion points: Data is ingested via gh project item-list in SKILL.md at Step 1 and Step 4.
  • Boundary markers: The instructions do not define boundary markers or instruct the agent to ignore instructions embedded within the draft titles or bodies.
  • Capability inventory: The skill possesses write capabilities through gh issue create, gh project item-add, and gh api (POST).
  • Sanitization: There are no instructions or scripts provided to sanitize the external content before it is used to construct API calls or shell commands.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 16, 2026, 09:50 PM