project-init
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (
gh) to perform project management operations, including creating projects (gh project create), linking them to repositories (gh project link), and managing fields (gh project field-create). - [COMMAND_EXECUTION]: The skill documentation suggests using
GIT_SSL_NO_VERIFY=1when running in sandbox environments. This disables SSL certificate verification to bypass network restrictions, which is a security trade-off that could expose the connection to intercepting attacks. - [PROMPT_INJECTION]: The skill defines an indirect prompt injection surface where user-supplied content is interpolated into shell commands.
- Ingestion points: The skill accepts project titles and descriptions directly from user input as shown in Step 1 and Step 5 of
SKILL.md. - Boundary markers: The instructions use double quotes to wrap variables in shell commands (e.g.,
--title "<タイトル>"). - Capability inventory: The skill possesses the capability to execute shell commands via the
ghCLI to modify GitHub resources. - Sanitization: The instructions do not specify any validation or sanitization routines for the user-provided strings before they are executed in the shell.
Audit Metadata