feedback

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill constructs and executes a gh issue create command using variables such as {제목} (title) and {본문} (body) that are populated directly from user input. This pattern presents a potential command injection surface if the agent does not properly escape shell characters.
  • Evidence: The script template in SKILL.md used for registering issues via the GitHub CLI.
  • [PROMPT_INJECTION]: The skill ingests untrusted user feedback to generate structured issue reports, creating a surface for indirect prompt injection attacks.
  • Ingestion points: User input messages collected during the 'Information Collection' phase in SKILL.md.
  • Boundary markers: No delimiters or specific instructions are provided to the agent to treat the collected input as data rather than instructions.
  • Capability inventory: Subprocess execution via gh CLI commands.
  • Sanitization: No input validation, sanitization, or escaping logic is described in the workflow.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 08:11 PM
Security Audit — agent-trust-hub — feedback