Skills
skills/mgratzer/forge/forge-create-issue/Gen Agent Trust Hub

forge-create-issue

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute gh commands and perform "smoke tests" on external dependencies. The interpolation of AI-generated strings (titles, labels, and dependency names) into these shell commands creates a risk of command injection if the generated content contains shell metacharacters that are not properly sanitized.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes codebase files to inform the creation of GitHub issues. Malicious instructions embedded in those files could influence the agent's behavior during the planning or creation phases.
  • Ingestion points: Codebase files accessed via the Read, Grep, and Glob tools in Step 3.
  • Boundary markers: None. The skill does not implement delimiters or specific instructions to ignore embedded commands found within source files.
  • Capability inventory: The agent has access to Bash for command execution, Read for file access, and WebSearch for external information retrieval.
  • Sanitization: The skill does not explicitly require the validation or escaping of content retrieved from the codebase before it is interpolated into subsequent prompts or tool calls.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 14, 2026, 03:48 PM