creating-github-child-issues

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its ingestion of local plan files. \n- Ingestion points: Task data (objectives, requirements, and notes) is read from docs/<ISSUE_SLUG>-tasks.md within task-issue-creator.md. \n- Boundary markers: The skill uses markdown headers for parsing but does not implement explicit delimiters or instructions to ignore instructions within the task content. \n- Capability inventory: The skill has the capability to execute gh issue create and gh api calls. \n- Sanitization: Task content is interpolated directly into issue templates without validation or escaping. \n- [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (gh) and the GitHub REST API to perform repository operations. Commands are dynamically constructed based on templates and input derived from user-provided URLs and the local task plan. \n- [EXTERNAL_DOWNLOADS]: The skill is configured to fetch technical documentation and reference material from external sources, including official GitHub manuals, UX design resources from the Nielsen Norman Group, and design pattern documentation on skills.sh. These fetches are used as just-in-time references for syntax and behavior.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 01:30 AM
Security Audit — agent-trust-hub — creating-github-child-issues