log-doc-issues
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions attempting to override agent behavior or bypass safety filters were found.
- Data Exposure & Exfiltration (SAFE): The skill uses the GitHub CLI to list and create issues. No sensitive files (like SSH keys or credentials) are accessed or transmitted to external domains.
- Unverifiable Dependencies & Remote Code Execution (SAFE): No external packages are installed, and no remote scripts are downloaded or executed at runtime.
- Indirect Prompt Injection (SAFE): While the skill ingests data from external sources (the /check-docs tool and GitHub issue lists), it utilizes quoted heredocs (<<'EOF') in its command templates. This is a best practice that prevents shell expansion of the ingested content, mitigating command injection risks.
  - Ingestion points: Output from /check-docs and gh issue list results.
  - Boundary markers: Employs quoted heredocs for the issue body.
  - Capability inventory: Uses gh issue create via subprocess.
  - Sanitization: Use of quoted heredocs prevents interpolation of findings into the shell command context.
Audit Metadata