github-create-issue
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes the GitHub CLI (
ghcommand) for its primary functionality. This is a standard and expected behavior for a GitHub management skill. - [DATA_EXFILTRATION] (SAFE): While the skill requires a
GITHUB_TOKEN, it is used only to interact with the official GitHub REST API or CLI. There are no patterns indicating that the token or repository data is being sent to unauthorized third-party domains. - [EXTERNAL_DOWNLOADS] (SAFE): No external scripts or packages are downloaded at runtime. The skill relies on pre-installed tools (GitHub CLI) or standard environment variables.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes external data in the form of GitHub issue templates (
.github/ISSUE_TEMPLATE/). - Ingestion points: Files in
.github/ISSUE_TEMPLATE/. - Boundary markers: None explicitly mentioned in the documentation for the internal matching algorithm.
- Capability inventory: Subprocess calls to
ghand network requests to the GitHub API. - Sanitization: Not explicitly documented, however, the risk is localized to the user's own repository templates, and the impact is limited to issue creation parameters.
Audit Metadata