create-issue
Warn
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill programmatically reads the contents of modified and untracked files to attach them to GitHub issues. This process uses
git diffandcaton all untracked files not excluded by.gitignore. This poses a significant risk of exposing sensitive information, such as environment variables, local secrets, or private configuration, if they are present in the workspace but not yet ignored. - [COMMAND_EXECUTION]: The skill relies on extensive shell command execution to perform its primary functions.
- Evidence: In
references/workspace-changes.md, the skill executesgit ls-files --others --exclude-standard -z | xargs -0 catto read the full content of untracked files. - Evidence: The skill implements a cleanup procedure that executes
rmon a list of files identified as part of the workspace changes, which could lead to data loss if not carefully reviewed by the user. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the local filesystem.
- Ingestion points:
references/workspace-changes.mdreads the content of modified and untracked files. - Boundary markers: While file contents are wrapped in markdown code blocks, there are no explicit instructions for the agent to ignore potentially malicious instructions embedded within the file content itself.
- Capability inventory: The agent has access to
ghfor remote issue creation,git pushfor branch creation, andrmfor file deletion. - Sanitization: No sanitization or filtering of file content is performed before interpolation into the issue draft.
Audit Metadata