create-issues
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it incorporates external repository data into the agent's context.
  • Ingestion points: Output from `gh issue list` is injected into the context in `SKILL.md`.
  • Boundary markers: The skill lacks delimiters or specific instructions to isolate or ignore embedded commands in the issue data.
  • Capability inventory: The skill can execute `gh issue create`, `gh label create`, and `git` commands as defined in `SKILL.md` and `references/decision-logic.md`.
  • Sanitization: No sanitization or validation of the external content is performed.
- [COMMAND_EXECUTION]: Dynamic context injection is used in `SKILL.md` to execute `git status`, `git branch`, `gh issue list`, and `gh auth status` when the skill is loaded. These commands provide necessary environmental information and are used in a manner consistent with the skill's stated purpose without accessing sensitive files or unauthorized networks.
Audit Metadata