creating-github-child-issues
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its ingestion of local plan files. \n- Ingestion points: Task data (objectives, requirements, and notes) is read from
docs/<ISSUE_SLUG>-tasks.mdwithintask-issue-creator.md. \n- Boundary markers: The skill uses markdown headers for parsing but does not implement explicit delimiters or instructions to ignore instructions within the task content. \n- Capability inventory: The skill has the capability to executegh issue createandgh apicalls. \n- Sanitization: Task content is interpolated directly into issue templates without validation or escaping. \n- [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (gh) and the GitHub REST API to perform repository operations. Commands are dynamically constructed based on templates and input derived from user-provided URLs and the local task plan. \n- [EXTERNAL_DOWNLOADS]: The skill is configured to fetch technical documentation and reference material from external sources, including official GitHub manuals, UX design resources from the Nielsen Norman Group, and design pattern documentation onskills.sh. These fetches are used as just-in-time references for syntax and behavior.
Audit Metadata