document-issues
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill establishes a legitimate and safe workflow for identifying, searching, and recording development follow-up items.
- [COMMAND_EXECUTION]: Utilizes
git,gh(GitHub CLI), andnytidto perform repository-scoped operations. These tools are used for their intended purposes, such as verifying repository status, listing issues, and creating new issue entries. - [INDIRECT_PROMPT_INJECTION]: The skill presents an attack surface by ingesting external data when searching existing issues.
- Ingestion points: External data enters the context via the output of
gh issue list. - Boundary markers: Absent; there are no specific delimiters used to isolate external issue content from the agent's instructions.
- Capability inventory: The skill has the capability to create new issues (
gh issue create) and import data into a task manager (nytid todo import). - Sanitization: Absent; the skill relies on the agent's default handling of external content without explicit validation or escaping. However, the risk is minimal given the specific context of issue tracking.
Audit Metadata