feedback
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs and executes a
gh issue createcommand using variables such as{제목}(title) and{본문}(body) that are populated directly from user input. This pattern presents a potential command injection surface if the agent does not properly escape shell characters. - Evidence: The script template in
SKILL.mdused for registering issues via the GitHub CLI. - [PROMPT_INJECTION]: The skill ingests untrusted user feedback to generate structured issue reports, creating a surface for indirect prompt injection attacks.
- Ingestion points: User input messages collected during the 'Information Collection' phase in
SKILL.md. - Boundary markers: No delimiters or specific instructions are provided to the agent to treat the collected input as data rather than instructions.
- Capability inventory: Subprocess execution via
ghCLI commands. - Sanitization: No input validation, sanitization, or escaping logic is described in the workflow.
Audit Metadata