skill-issue

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the gh CLI to create issues, which involves executing shell commands.
  • [DATA_EXFILTRATION]: The skill sends issue reports, including project context and user descriptions, to the psylch/skill-issues repository. This is an intended function for bug reporting to the vendor.
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests to GitHub as part of the issue creation process.
  • [PROMPT_INJECTION]: The interpolation of potentially untrusted data into shell command flags provides a surface for indirect prompt injection.
      • Ingestion points: Environmental context and user-provided inputs.
      • Boundary markers: The shell command uses a quoted heredoc (<<'EOF') for the issue body, preventing variable expansion in that field.
      • Capability inventory: Access to command execution and network communication via the gh tool.
      • Sanitization: No instructions are provided for sanitizing or escaping the data placed in command flags like titles.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 2, 2026, 07:02 PM