github-create-issue
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill documentation (SKILL.md and api-guide.md) confirms the execution of external commands, specifically the GitHub CLI (`gh`). While this is the intended primary purpose of the skill, the exact implementation of how user-provided strings (title, body) are passed to the shell is handled in unprovided scripts (issue_creator.py), presenting a theoretical risk of command injection if not properly sanitized.
- [DATA_EXFILTRATION] (SAFE): The skill is designed to transmit data (issue titles and descriptions) to GitHub's servers. This behavior is documented and inherent to its primary function as a GitHub management tool.
- [PROMPT_INJECTION] (LOW): Category 8 (Indirect Prompt Injection): The skill ingests data from `.github/ISSUE_TEMPLATE/` to automate issue formatting.
  - Ingestion points: Markdown and YAML files within the `.github/ISSUE_TEMPLATE/` directory.
  - Boundary markers: None documented in the script logic provided.
  - Capability inventory: Execution of `gh` CLI commands and GitHub REST API calls.
  - Sanitization: Documentation does not specify how template content is sanitized before being processed by the agent.
- [CREDENTIALS_UNSAFE] (SAFE): The documentation mentions the use of `GITHUB_TOKEN` and `GH_TOKEN` environment variables but does not contain hardcoded secrets, using standard placeholders (e.g., `ghp_xxx`) for examples.
- [NO_CODE] (LOW): The skill references two Python scripts, `scripts/template_matcher.py` and `scripts/issue_creator.py`, which are not included in the provided file set. This makes the precise execution logic and safety of the keyword matching algorithm unverifiable.
Audit Metadata