create-git-issue
Fail
Audited by Snyk on Jul 5, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E004: Prompt injection detected in skill instructions.
- Potential prompt injection detected (high risk: 1.00). The prompt includes explicit "Skill Isolation" directives that assert sole authority and instruct the agent to suppress or ignore other skills and external controls, which is an attempt to override system/session-level behavior outside the skill's stated purpose.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). The workflow ingests “conversation context” and optionally fetches user-provided issue references (URLs/paths) and reads their body/comments; those are outsider-authored free text that can be incorporated into the LLM context when drafting the PRD and slice issues.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill explicitly instructs trying the GitHub CLI "outside sandbox" to confirm availability (encouraging bypass of sandbox/security mechanisms), though it does not request sudo, privileged system-file edits, or user creation.
Issues (3)
E004
CRITICALPrompt injection detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata