create-git-issue
Warn
Audited by Gen Agent Trust Hub on Jul 5, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The "Skill Isolation" section contains instructions for the agent to assume "sole active authority" and "suppress" any other skill activations, attempting to override platform-level orchestration and safety protocols.
- [COMMAND_EXECUTION]: The skill explicitly directs the agent to attempt to execute the
ghcommand "outside sandbox" if it fails within the sandbox environment (found in the Publishing Policy section), which represents a security boundary bypass attempt. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection due to its handling of external data.
- Ingestion points: Processes content from
technical_requirements.mdand external issue bodies/comments fetched via user-provided references. - Boundary markers: The instructions lack defined markers or delimiters to separate untrusted external content from the agent's internal logic.
- Capability inventory: The skill uses
gh issue createfor network writes and generates local filesprd.mdandissues.mdin the workspace root. - Sanitization: There is no specified logic for sanitizing, escaping, or validating external content before it is interpolated into the final outputs.
Audit Metadata