issue-open
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE (findings: PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the GitHub CLI (`gh`) to create issues. This is the primary function of the skill and uses standard command-line arguments.
- [PROMPT_INJECTION]: The skill processes untrusted user input, which represents a surface for indirect prompt injection.
  - Ingestion points: Untrusted data enters through the `$ARGUMENTS` variable or user conversational input in `SKILL.md`.
  - Boundary markers: The shell command construction utilizes a heredoc (`EOF`) for the issue body, which prevents the content from being interpreted as command-line flags.
  - Capability inventory: The skill has the capability to execute shell commands (specifically `gh issue create`).
  - Sanitization: The skill implements a mandatory human-in-the-loop confirmation step (`AskUserQuestion`), requiring the user to verify the generated title, labels, and body before the command is executed.
Audit Metadata