github-issue-creator
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill processes untrusted external data and has the capability to write files to the disk.\n
- Ingestion points: User-provided error logs, raw notes, and voice dictations processed into markdown issues.\n
- Boundary markers: Absent; there are no delimiters specified to isolate untrusted data from system instructions in the prompt logic.\n
- Capability inventory: File system write access to create markdown files in the root-level
/issues/directory.\n - Sanitization: While the skill provides guidelines for redacting sensitive data using placeholders, it lacks logic to sanitize inputs against path traversal sequences or embedded instructions.\n- Command Execution (MEDIUM): The skill performs file creation operations using data influenced by the user.\n
- Evidence: Instructions in
SKILL.mdto create markdown files using a naming convention that includes a user-provided short description.\n - Path Traversal Risk: The filename depends on a description inferred from untrusted input. If directory traversal sequences such as
../are not filtered by the agent or the underlying tool, an attacker could attempt to write files outside the designated/issues/directory.
Recommendations
- AI detected serious security threats
Audit Metadata