new-issue
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): Detected an Indirect Prompt Injection surface (Category 8) where the skill processes untrusted user data to generate GitHub issue content.
- Ingestion points: Conversation history, user-provided bug descriptions, and code snippets are used as input for issue generation in
SKILL.md. - Boundary markers: No explicit markers (e.g., delimiters) are required for the AI to distinguish between instructions and data during ingestion, though the output format is clearly defined.
- Capability inventory: The skill executes
gh issue createandgh repo viewvia the command line, which allows for network requests and data modification on GitHub. - Sanitization: The risk is significantly reduced by a mandatory confirmation step (
Step 3) that requires the user to review the draft via thequestiontool. Additionally, the skill employs shell-safe Heredocs (<<'EOF') to prevent command injection from the generated issue body.
Audit Metadata