issues
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill executes bash commands using input gathered from users. While it provides a safe HEREDOC example for the body content, the command template for the title
gh issue create --title "[title]"remains potentially vulnerable to command injection if the agent fails to properly sanitize the user-provided title string. - [PROMPT_INJECTION] (LOW): The skill exhibits an indirect prompt injection surface by ingesting data from external GitHub issues through the
gh issue viewcommand. This creates a risk where malicious instructions embedded in an issue's body or comments could influence the agent's future behavior. Evidence: 1. Ingestion points:gh issue view [number](SKILL.md); 2. Boundary markers: Absent for CLI output; 3. Capability inventory:Bash(gh *)allows shell execution; 4. Sanitization: None defined for retrieved content.
Audit Metadata