feature-intake
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from stakeholder requirements and existing GitHub issues to generate new issue content. 1. Ingestion points: Stakeholder requests (user input), remote GitHub issue searches (SKILL.md Step 3), and local project documentation (SKILL.md Step 4). 2. Boundary markers: None identified; untrusted data is directly interpolated into drafting templates. 3. Capability inventory: The skill can create GitHub issues (SKILL.md Step 9) and modify GitHub Project boards (SKILL.md Step 9). 4. Sanitization: No input validation or output escaping is performed on the ingested content before it is used to draft issue bodies.
- [COMMAND_EXECUTION]: The skill relies on executing shell commands to interact with the system environment and GitHub services. 1. Evidence: Uses the GitHub CLI (gh) for repository and project management, Git for checking branch state, and ripgrep (rg) for searching local files. 2. Mitigation: The skill correctly requires explicit user confirmation before performing any write operations to the repository or project board, which helps mitigate the risk of unauthorized actions.
Audit Metadata