issues
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs shell commands using user-provided input for issue titles, bodies, and labels. Specifically, the instruction `gh issue create --title "[title]" --body "[constructed body]" --label "[labels]"` demonstrates direct interpolation of variables into a bash command. While the skill later recommends using HEREDOC to preserve formatting and improve safety, the initial pattern is vulnerable to command injection if a user provides a title or label containing shell metacharacters like backticks or subshells. To mitigate this, all user-controlled variables should be treated as untrusted data and wrapped in strict boundary markers or passed through the agent's safe execution environment.
Audit Metadata