create-issue
Warn
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the GitHub CLI (`gh`) to perform actions on repositories. It explicitly recommends the use of `GIT_SSL_NO_VERIFY=1` when running in sandbox environments. Disabling SSL/TLS certificate verification is a dangerous practice that leaves the connection vulnerable to Man-in-the-Middle (MitM) attacks, potentially allowing attackers to intercept or modify GitHub API traffic.
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection because it processes untrusted user input and uses it to construct shell commands.
  - Ingestion points: User-provided task descriptions, background information, and individual task breakdowns are used to populate issue titles and bodies.
  - Boundary markers: Absent. The skill does not use any delimiters or specific instructions to prevent the agent from following instructions embedded within the user-provided data.
  - Capability inventory: The skill has the ability to execute shell commands via `gh issue create` and `gh api` to create and modify resources on GitHub.
  - Sanitization: Absent. There are no instructions to sanitize or validate the user input before it is interpolated into the shell command strings.