issue-prerequisite
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill provides numerous bash snippets that the agent is expected to execute to interact with the GitHub CLI (
gh). These scripts use variable interpolation and pipe outputs to other tools likejqandgrep. While functional for automation, this pattern represents a technical risk if variables are not strictly sanitized.\n- Indirect Prompt Injection (LOW): The skill acts as a gatekeeper that ingests untrusted user data to create GitHub issues.\n - Ingestion points: User-provided inputs for 'Title', 'Description', and 'Acceptance Criteria' (defined in SKILL.md).\n
- Boundary markers: Absent. The instructions do not provide delimiters or warnings to the AI to treat this specific user input as untrusted data.\n
- Capability inventory: Subprocess calls via
gh issue create,gh project item-edit, andgh project item-addacross the automation flow (SKILL.md).\n - Sanitization: Absent. There is no logic provided to escape or validate user-provided strings before they are used in shell commands or submitted to the GitHub API.\n- Dynamic Execution (LOW): The skill relies on script generation and execution where logic is branched based on the output of previous CLI commands (e.g., extracting
ITEM_IDusingjq). This is a standard automation pattern but involves runtime assembly of commands.
Audit Metadata