github-planning
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill generates and executes commands for the `gh` CLI to create labels, issues, and complex Projects v2 structures. This behavior is the primary intended function of the skill and uses standard, non-malicious parameters.
- [EXTERNAL_DOWNLOADS]: The skill performs network operations via the `gh` CLI and GraphQL API to communicate with `api.github.com`. These operations target a well-known service and are necessary for the skill's utility.
- [PROMPT_INJECTION]: The skill ingests untrusted text data for feature and task descriptions and places it into GitHub artifacts, which creates a surface for indirect prompt injection.
  - Ingestion points: User-provided feature names, task descriptions, and verification details (found in `SKILL.md` template variables).
  - Boundary markers: The skill uses shell heredocs (`EOF`) to provide a degree of isolation for content within the generated CLI commands.
  - Capability inventory: The skill can create, update, and delete GitHub issues and projects via the `gh` tool.
  - Sanitization: No specific filtering or "ignore instructions" delimiters are added to the text content before it is committed to GitHub. However, this is consistent with the primary purpose of a documentation and planning tool.
Audit Metadata