cmd-gh-issue
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the
ghcommand-line tool to retrieve repository information and create issues. It uses a quoted heredoc ('ISSUE_EOF') when passing the conversation context to the shell, which effectively prevents shell expansion and command injection attacks from the conversation data. - [DATA_EXFILTRATION]: The skill extracts conversation context and sends it to GitHub to populate issue bodies. This is the primary intended functionality of the skill and involves a well-known service (GitHub) via its official CLI tool.
Audit Metadata