issue
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
ghcommand-line tool within a Bash environment to create GitHub issues. It correctly implements a quoted heredoc ('EOF') when passing the issue body to the shell, which prevents command injection by ensuring the content is treated as a literal string rather than being evaluated by the shell. - [DATA_EXFILTRATION]: The skill reads local codebase information and transmits it to GitHub's infrastructure. This is the primary intended function of the skill. To protect against accidental exposure, the skill includes a mandatory 'Preview & Confirm' phase where the user must review the content and provide explicit authorization via
AskUserQuestionbefore any external network request is made. - [PROMPT_INJECTION]: Since the skill reads and processes untrusted data from the codebase (e.g., file contents, git logs), it is theoretically susceptible to indirect prompt injection where malicious instructions in the code could attempt to manipulate the AI's analysis. The skill mitigates this risk by defining clear confidence boundaries (AI Verified vs. Human Verify) and requiring a human-in-the-loop review of the generated content prior to execution.
Audit Metadata