create-issue
Warn
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill provides a shell command template for creating GitHub issues: `gh issue create --repo n8n-io/n8n --title "<title>" --body "$(cat <<'EOF' ... EOF)"`. The use of double quotes for the title parameter derived from user input allows for potential shell command injection if the input contains shell metacharacters such as backticks or `$()`.
- [PROMPT_INJECTION]: The skill processes untrusted user data to generate structured content for external platforms, representing an indirect prompt injection risk.
  - Ingestion points: User input provided via the `$ARGUMENTS` parameter and data retrieved from `mcp__notion__notion-search`.
  - Boundary markers: The skill uses a bash heredoc (`<<'EOF'`) for the issue body, which helps isolate content from shell execution, but no similar markers or delimiters are defined for the issue title or the content's effect on downstream systems.
  - Capability inventory: The skill can execute shell commands via the `gh` CLI and perform write operations to external services using `mcp__linear-server__save_issue`.
  - Sanitization: While the skill requires a human-in-the-loop confirmation before final execution, it lacks specific instructions for the agent to sanitize or validate the content of user-provided strings for shell safety or prompt injection prevention.
Audit Metadata