Skills
skills/shotaiuchi/dotclaude/sh1-create/Gen Agent Trust Hub

sh1-create

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it parses unstructured text from external sources (GitHub issues and Jira tickets) to build its dependency graph. An attacker with access to those external platforms could inject strings like 'depends on #N' to manipulate the workflow execution order.
  • Ingestion points: GitHub issue bodies and Jira ticket descriptions fetched during the 'create' process.
  • Boundary markers: The skill does not define boundary markers or 'ignore' instructions for the fetched content.
  • Capability inventory: The skill uses gh and jq to interact with system resources and writes a schedule.json file.
  • Sanitization: No input sanitization is mentioned for the text used to detect dependency patterns.
  • [COMMAND_EXECUTION]: The skill requires the execution of external command-line utilities to perform its core functions.
  • Evidence: Mentions the necessity of gh for GitHub integration and jq for handling JSON data within the workflow.
  • [EXTERNAL_DOWNLOADS]: The skill retrieves data from remote platforms to populate the local schedule.
  • Evidence: Fetches configuration and work items from GitHub and Jira. These are recognized well-known services.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 28, 2026, 11:34 PM