to-issues
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI tool (`gh`) to perform `gh issue view` and `gh issue create`. These operations are well-scoped to the skill's purpose of project management and interaction with a well-known service (GitHub).
- [PROMPT_INJECTION]: The skill ingests untrusted content from GitHub issues and user plans to generate its output, presenting a surface for indirect prompt injection. Mandatory Evidence Chain:
  (1) Ingestion points: Data retrieved from GitHub issue summaries and comments via `gh issue view`, as well as user-provided plan text in the conversation context.
  (2) Boundary markers: None explicitly defined to separate untrusted data from agent instructions.
  (3) Capability inventory: Access to read and write GitHub issues using the `gh` command-line tool.
  (4) Sanitization: None implemented within the skill instructions.
  The vulnerability is mitigated by a mandatory manual review step ('Quiz the user') where the breakdown is verified by a human before issue creation.
Audit Metadata