Skills
skills/chrislacey89/skills/prd-to-issues/Gen Agent Trust Hub

prd-to-issues

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill fetches and processes content from GitHub issues and comments, which exposes a surface for indirect prompt injection. Instructions contained within an external PRD or its comments could influence the agent's issue-generation logic.
  • Ingestion points: Data enters the agent context from the gh issue view command in SKILL.md (Step 1).
  • Boundary markers: The instructions do not include boundary markers or explicit warnings to disregard potential instructions within the fetched PRD body.
  • Capability inventory: The skill has repository write capabilities through the use of gh issue create and gh issue comment commands (Steps 7 and 8).
  • Sanitization: No content validation or sanitization is implemented for the ingested issue text.
  • Mitigation: The 'Quiz the User' step (Step 6) serves as a mandatory human-in-the-loop review checkpoint to verify the proposed issues before any write operations occur.
  • [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (gh) to interact with repository issues and milestones. The commands used (gh issue view, gh issue create, gh issue comment) are standard for the skill's project management purpose and are executed as part of a structured, user-verified workflow.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 04:58 PM
Security Audit — agent-trust-hub — prd-to-issues