github-issue-creator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill possesses a high-severity vulnerability surface due to its combination of untrusted data ingestion and file-writing capabilities. * Ingestion points: Ingests raw user text, including error logs, dictation, and notes as defined in 'SKILL.md'. * Boundary markers: No delimiters are defined to separate untrusted user input from system instructions, allowing input to potentially bleed into the instruction context. * Capability inventory: The skill is capable of writing markdown files to the '/issues/' directory. * Sanitization: While it includes logic to redact hardcoded secrets, it lacks sanitization against embedded natural language instructions that could manipulate the agent's 'inference' and 'extraction' steps.
Recommendations
- AI detected serious security threats
Audit Metadata