create-git-issue
Warn
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: MEDIUM
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains a "Skill Isolation" block that uses override-style language ("sole active authority", "suppress it and continue without interruption") to modify the agent's standard orchestration and multi-skill handling behavior. This pattern is characteristic of instructions designed to bypass system constraints.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting untrusted data from external sources and interpolating it into prompts for PRD generation and issue creation without adequate security controls.
  - Ingestion points: Technical requirements files (technical_requirements.md) in the workspace root or docs folders; content fetched from issue references (provided via number, URL, or path).
  - Boundary markers: No explicit delimiters (e.g., XML tags or unique markers) or "ignore instructions" warnings are used when processing this data.
  - Capability inventory: The skill has the capability to execute shell commands (gh issue create) and write files to the local workspace (prd.md, issues.md).
  - Sanitization: No input validation, escaping, or filtering is performed on the ingested data before it is included in the PRD or issue templates.