prd-to-issues
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the GitHub CLI (
gh) to perform operations such asgh issue viewandgh issue create. While these are standard tools, they interact with remote repository states. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the PRD content it ingests. Since the agent is instructed to 'internalize the full PRD content', an attacker could embed malicious instructions within a GitHub issue that the agent would then treat as valid task parameters or overrides.
- Ingestion points:
SKILL.mdStep 1 (Fetching PRD content viagh issue view). - Boundary markers: Absent. There are no delimiters or specific instructions provided to the agent to treat the issue content as data only or to ignore potential instructions within that data.
- Capability inventory: The skill has read access to the local codebase (Step 2) and write access to the GitHub repository via
gh issue create(Step 5). - Sanitization: Absent. The skill does not perform any validation or filtering on the retrieved issue content before processing it.
Audit Metadata