spec-taskstoissues

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The skill executes a local bash script located at .specify/scripts/bash/check-prerequisites.sh. Since the content of this script is not provided, it represents a risk of arbitrary command execution with the user's privileges.
  • COMMAND_EXECUTION (LOW): The skill utilizes system commands including git config --get remote.origin.url to verify the repository and gh issue create/list to interact with GitHub.
  • PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8):
      • Ingestion points: The skill reads and parses tasks.md.
      • Boundary markers: No specific delimiters or 'ignore' instructions are used to separate task data from agent instructions.
      • Capability inventory: The agent can execute the GitHub CLI and a local bash script.
      • Sanitization: No evidence of sanitization or validation of the task descriptions before they are passed to the gh command.
  • DATA_EXFILTRATION (SAFE): Reading the git configuration and task list is necessary for the skill's stated purpose of managing GitHub issues and does not appear to be malicious.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:22 PM