Skills
skills/yektas/skills/prd-to-issues/Gen Agent Trust Hub

prd-to-issues

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill is vulnerable to indirect prompt injection because it ingests untrusted data from GitHub issues which is then used to drive subsequent agent actions and issue creation.
  • Ingestion points: The skill reads external PRD content using gh issue view (SKILL.md Step 1).
  • Boundary markers: There are no delimiters or instructions to the agent to ignore potentially malicious commands embedded within the PRD content.
  • Capability inventory: The agent has the capability to read local files (codebase exploration) and write to external systems via gh issue create (SKILL.md Step 5).
  • Sanitization: No sanitization or validation is performed on the ingested PRD text before it is processed by the LLM.
  • [Command Execution] (SAFE): The skill utilizes the GitHub CLI (gh) to view and create issues. These operations are aligned with the skill's stated purpose and do not represent unauthorized privilege escalation or arbitrary command execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 21, 2026, 12:42 PM