log-product-standards-issues
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill executes the
gh(GitHub CLI) via a bash script to create issues. This is an expected capability for the skill's purpose. The implementation correctly uses a quoted heredoc (<<'EOF') for the issue body, which prevents the shell from performing variable expansion or command substitution on the data generated from audit findings.\n- PROMPT_INJECTION (LOW): (Category 8: Indirect Prompt Injection) The skill ingests data from another skill (check-product-standards) and interpolates it into commands. This creates a surface where malicious content in the audited data could attempt to influence the agent's behavior or the parameters of the GitHub issue.\n - Ingestion points: Output results from the
Skill(\"check-product-standards\")call inSKILL.md.\n - Boundary markers: The quoted heredoc provides a technical boundary for the bash shell, but there are no natural language boundary markers or instructions to the agent to treat the audit data as untrusted or to ignore embedded instructions.\n
- Capability inventory: Execution of
gh issue createwith multiple flags and a multiline body inSKILL.md.\n - Sanitization: Quoted heredocs are used to prevent shell-level injection in the issue body, but placeholders like
[Title]in the command arguments are not explicitly sanitized against malicious CLI flag injection.
Audit Metadata