create-git-issue

Warn

Audited by Gen Agent Trust Hub on Jul 5, 2026

Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The "Skill Isolation" section contains instructions for the agent to assume "sole active authority" and "suppress" any other skill activations, attempting to override platform-level orchestration and safety protocols.
  • [COMMAND_EXECUTION]: The skill explicitly directs the agent to attempt to execute the gh command "outside sandbox" if it fails within the sandbox environment (found in the Publishing Policy section), which represents a security boundary bypass attempt.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection due to its handling of external data.
  • Ingestion points: Processes content from technical_requirements.md and external issue bodies/comments fetched via user-provided references.
  • Boundary markers: The instructions lack defined markers or delimiters to separate untrusted external content from the agent's internal logic.
  • Capability inventory: The skill uses gh issue create for network writes and generates local files prd.md and issues.md in the workspace root.
  • Sanitization: There is no specified logic for sanitizing, escaping, or validating external content before it is interpolated into the final outputs.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 5, 2026, 04:28 PM
Security Audit — agent-trust-hub — create-git-issue