superplane-issue-logger
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates on the vendor's own documentation and repositories. It references docs.superplane.com and the superplanehq/superplane repository on GitHub.\n- [COMMAND_EXECUTION]: The skill utilizes GitHub MCP tools to create issues and manage project board items. These actions are triggered only after the user explicitly verifies and approves the drafted content.\n- [PROMPT_INJECTION]: The skill processes user-provided natural language descriptions to generate issue reports. This ingestion of untrusted data constitutes an indirect prompt injection surface.\n
- Ingestion points: User-provided natural language descriptions and local files in docs/contributing/.\n
- Boundary markers: None explicitly defined for the ingested data.\n
- Capability inventory: File write (tmp/pm_logger/), GitHub issue creation (issue_write), and project board modification (projects_write).\n
- Sanitization: None specified, though the manual review step serves as a validation mechanism.\n- [DATA_EXFILTRATION]: No unauthorized data transmission was detected. The skill writes drafts to a local tmp/pm_logger/ directory and sends finalized issue data to GitHub, both of which are consistent with its stated purpose.
Audit Metadata