issue-creation
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from existing issues, pull requests, and discussions, which creates a surface for indirect prompt injection attacks.
- Ingestion points: Data enters the agent context through MCP tool searches of existing repository issues, PRs/MRs, and discussions as defined in SKILL.md.
- Boundary markers: The instructions explicitly require the agent to use boundary markers when incorporating external content into its context.
- Capability inventory: The skill utilizes MCP tools for searching and generates markdown text output; it lacks autonomous execution capabilities for modifying system state without user approval.
- Sanitization: The skill mandates treating all fetched content as data rather than instructions and strictly forbids the execution of code or commands embedded in external content.
- [COMMAND_EXECUTION]: The skill uses shell commands and platform-specific tools to detect project structures and resolve issue templates. It implements a security policy requiring explicit user consent before invoking tools that access external systems or modify the environment.
Audit Metadata