project-create-issues
Warn
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill suggests using
GIT_SSL_NO_VERIFY=1in sandbox environments. This setting disables TLS certificate validation, which allows for Man-in-the-Middle (MitM) attacks, potentially exposing GitHub authentication tokens or sensitive project data to network attackers. - [COMMAND_EXECUTION]: The skill instructs the agent to create issues using shell commands where external data is interpolated, such as
gh issue create --title "<ドラフトのタイトル>". If the titles or bodies of the draft items contain shell-sensitive characters (like backticks or semicolons), it could lead to arbitrary command execution in the environment where the agent is running. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from GitHub Projects.
- Ingestion points: Draft titles and bodies are retrieved using the
gh project item-listcommand (SKILL.md, Step 1 and Step 4). - Boundary markers: No boundary markers or clear separations are used to distinguish instructions from the processed project data.
- Capability inventory: The skill possesses significant capabilities, including issue creation, project item modification, and arbitrary GitHub API access via
gh api. - Sanitization: The instructions do not include any steps to sanitize or validate the content of the draft items before the agent uses them to perform actions or construct commands.
Audit Metadata