batch-issues

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill was analyzed for indirect prompt injection surface (Category 8) because it ingests external plan files to generate content.
      1. Ingestion points: Data is read from files in the 'plans/' directory or provided directly by the user via arguments.
      2. Boundary markers: The plan content is passed to the decomposition sub-agent without explicit delimiters or 'ignore instructions' warnings.
      3. Capability inventory: The skill possesses the capability to use the 'gh' CLI for creating issues, labels, and milestones.
      4. Sanitization: The risk is mitigated by a mandatory human review step using 'AskUserQuestion' which forces the user to approve or edit all generated content before any shell commands are executed.
  • [COMMAND_EXECUTION]: The skill uses the official GitHub CLI ('gh') to perform repository operations. All write-access commands (issue/label/milestone creation) are gated behind an explicit user confirmation prompt, preventing unauthorized or unintended repository modifications.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 10:51 AM