issue
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using the GitHub CLI (gh issue create, gh issue list) to interact with the project repository. This is the primary function of the skill and is handled via standard developer tools.
- [DATA_EXFILTRATION]: The skill accesses local project information, specifically reading CLAUDE.md and checking the .git directory, to automatically identify whether to use GitHub or Linear for issue tracking.
- [PROMPT_INJECTION]: The skill ingests user input for issue descriptions and titles, which are then passed to external tools. This creates a surface for indirect prompt injection, although the risk is mitigated by the skill's specific role and common usage environment.
  - Ingestion points: User-provided description input via the /issue command defined in SKILL.md.
  - Boundary markers: Absent; the skill relies on the agent to correctly format command arguments without explicit delimiter instructions.
  - Capability inventory: Executes gh CLI commands and utilizes Linear MCP tools for issue creation and retrieval.
  - Sanitization: The skill includes a 'rewrite' policy in references/feature-request-policy.md to convert technical language into user-facing outcomes, providing a layer of content transformation, though not designed specifically for security sanitization.
Audit Metadata