log-quality-issues

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Indirect Prompt Injection (LOW): The skill processes data from the /check-quality primitive and interpolates it into gh issue create commands. This creates an attack surface where malicious audit findings could influence the content of created issues.
      • Ingestion points: Findings returned by the /check-quality skill referenced in SKILL.md.
      • Boundary markers: None explicitly used during interpolation into the --title flag.
      • Capability inventory: Execution of gh CLI commands in SKILL.md.
      • Sanitization: The implementation uses a quoted heredoc ('EOF') for the issue body, which prevents variable expansion, but does not sanitize the --title flag against malicious content from the findings.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:26 PM