document-issues

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [SAFE]: The skill establishes a legitimate and safe workflow for identifying, searching, and recording development follow-up items.
  • [COMMAND_EXECUTION]: Utilizes git, gh (GitHub CLI), and nytid to perform repository-scoped operations. These tools are used for their intended purposes, such as verifying repository status, listing issues, and creating new issue entries.
  • [INDIRECT_PROMPT_INJECTION]: The skill presents an attack surface by ingesting external data when searching existing issues.
  • Ingestion points: External data enters the context via the output of gh issue list.
  • Boundary markers: Absent; there are no specific delimiters used to isolate external issue content from the agent's instructions.
  • Capability inventory: The skill has the capability to create new issues (gh issue create) and import data into a task manager (nytid todo import).
  • Sanitization: Absent; the skill relies on the agent's default handling of external content without explicit validation or escaping. However, the risk is minimal given the specific context of issue tracking.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 09:28 AM
Security Audit — agent-trust-hub — document-issues