to-issues
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill has an indirect prompt injection attack surface as it ingests untrusted data from external issue trackers.
  - Ingestion points: Step 1 in SKILL.md fetches content from the project's issue tracker.
  - Boundary markers: None identified; external data is not wrapped in delimiters or accompanied by instructions to ignore embedded commands.
  - Capability inventory: The skill uses the gh CLI to perform write operations (creating issues).
  - Sanitization: No sanitization or validation of the fetched content is performed.
  - Mitigation: The risk is effectively mitigated by Step 4, which requires the agent to wait for explicit human approval before publishing any issues to the tracker.
- [NO_CODE]: The skill consists exclusively of instructional documentation and does not include any executable scripts, binaries, or configuration files.