create-git-issue

Fail

Audited by Snyk on Jul 5, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 1.00). The prompt includes explicit "Skill Isolation" directives that assert sole authority and instruct the agent to suppress or ignore other skills and external controls, which is an attempt to override system/session-level behavior outside the skill's stated purpose.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.75). The workflow ingests “conversation context” and optionally fetches user-provided issue references (URLs/paths) and reads their body/comments; those are outsider-authored free text that can be incorporated into the LLM context when drafting the PRD and slice issues.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill explicitly instructs trying the GitHub CLI "outside sandbox" to confirm availability (encouraging bypass of sandbox/security mechanisms), though it does not request sudo, privileged system-file edits, or user creation.

Issues (3)

E004
CRITICAL

Prompt injection detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jul 5, 2026, 04:28 PM
Issues
3
Security Audit — snyk — create-git-issue