to-issues
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, unauthorized access, or suspicious code detected. The skill uses standard tools for its intended purpose and follows the best practice of requiring human approval before performing actions.
- [PROMPT_INJECTION]: The skill ingests untrusted data from plans and external GitHub issue comments, which creates an indirect prompt injection surface. This is mitigated by a mandatory human approval step before any issues are created.
  - Ingestion points: Processes context-provided plans, specs, and PRDs, as well as data from `gh issue view` in SKILL.md.
  - Boundary markers: No specific delimiters or boundary markers are present to separate instructions from untrusted data.
  - Capability inventory: Capabilities are limited to viewing and creating GitHub issues via the `gh` tool.
  - Sanitization: No input sanitization is performed, though the skill requires human approval of the plan before execution.
Audit Metadata