devpilot-prd-to-issues
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (`gh`) to interact with and modify repository state. This includes using `gh label edit` to rename existing labels and `gh api` to create or manage sub-issue hierarchies. These capabilities allow the agent to perform administrative-level modifications to project metadata.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from external PRDs, design documents, or URLs and uses that data to drive its workflow. An adversary could craft a PRD containing hidden instructions that, when processed, trick the agent into misusing its GitHub tools (e.g., performing unauthorized label renames or creating malicious issues).
- Ingestion points: SKILL.md specifies that the agent reads source documents from files, pasted text, or remote URLs (Workflow Step 1).
- Boundary markers: Absent. There are no instructions to use delimiters or ignore instructions found within the processed PRD.
- Capability inventory: The skill uses `gh label edit`, `gh api`, and creates issues across the repository.
- Sanitization: Absent. No filtering or validation logic is defined to prevent the execution of instructions embedded in the PRD content.
Audit Metadata