create-issue
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill analyzes untrusted repository data such as existing issues, documentation, and commit messages to determine language styles, which creates a surface for indirect prompt injection.
- Ingestion points: Analysis of existing issues, documentation, and commit messages in
SKILL.md. - Boundary markers: Absent; the instructions do not provide delimiters or warnings to prevent the agent from obeying instructions found within the analyzed files.
- Capability inventory: Includes
mcp__github__issue_write, which allows the agent to create new GitHub issues based on the potentially poisoned context. - Sanitization: Absent; no validation or escaping of the ingested text is performed before processing.
- Command Execution (SAFE): The skill utilizes the
gh repo viewcommand via Bash to retrieve repository metadata. This is a standard, read-only operation and does not pose a security risk in this context.
Audit Metadata