Skills
skills/terrylica/cc-skills/issues-workflow/Gen Agent Trust Hub

issues-workflow

Warn

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill contains instructions to read a sensitive credential file at ~/.claude/.secrets/gh-token-terrylica. Specifically, it uses cat to display the start of the token for verification purposes, which exposes a path to and partial contents of a secret.
  • [COMMAND_EXECUTION]: The workflow relies on shell scripts that pipe data from GitHub CLI commands into subsequent operations. This includes patterns like gh issue list ... | while read url; do gh project item-add ..., which are susceptible to command injection if the issue metadata contains shell metacharacters. It also includes a hook example that uses execSync to dynamically execute commands based on issue labels and URLs.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted data from GitHub (issue bodies and titles). This data is used to drive the agent's logic and populate new issues without the use of delimiters or sanitization routines to prevent embedded instructions from being executed.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 8, 2026, 03:44 PM