create-checklist

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute gh issue view, git log, and git show. These commands are used to gather context for generating checklists but interact with external and project data.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it retrieves and analyzes untrusted data from GitHub issues.
    • Ingestion points: Content retrieved via gh issue view in step 2 of SKILL.md.
    • Boundary markers: Absent. There are no instructions or delimiters used to prevent the agent from following commands embedded within the GitHub issue content.
    • Capability inventory: The skill has access to the Bash tool for command execution and the Write tool for file modifications.
    • Sanitization: Absent. The skill does not perform any validation or sanitization of the issue content before processing it.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 9, 2026, 01:47 PM