github-issue-creator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill defines a workflow for processing GitHub content but lacks necessary safeguards to prevent the agent from executing instructions embedded in that content.\n
- Ingestion points: Processes external GitHub issue data and workflow configurations which are attacker-controllable.\n
- Boundary markers: There are no delimiters or 'ignore instructions' warnings defined in the skill to protect against injection.\n
- Capability inventory: The skill requests
Bash,Write,Edit, andReadpermissions, granting it the power to execute system commands and modify files.\n - Sanitization: No input validation or sanitization logic is present to filter malicious payload segments within GitHub data.\n- Command Execution (MEDIUM): The skill requests
Bashaccess for tasks (GitHub issue creation) that should typically be handled via restricted API calls, unnecessarily expanding the attack surface.
Recommendations
- AI detected serious security threats
Audit Metadata