matthew-a-carr/draft-epic
Draft an EPIC from a GitHub issue and open a PR for review. Use when triggered by a routine on `Issue opened` with label `ai:plan-epic`, or when a user asks to "draft an epic from issue #NNN". Non-interactive — proceeds on best interpretation and surfaces unresolved questions in the EPIC's §Open Questions section rather than blocking. The PR review loop resolves ambiguity. Does NOT write child SPECs — slice SPECs are drafted lazily by the `draft-spec` routine when the human files one `ai:plan` issue per slice after the EPIC PR is merged.
83
90%
Does it follow best practices?
Impact
87%
1.14xAverage score across 2 eval scenarios
Advisory
Suggest reviewing before use
Security
1 medium severity finding. This skill can be installed but you should review these findings before use.
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 0.85). Routine mode reads the GitHub issue body via `mcp__github__issue_read` (outsider-authored issue/PR/comment text from other contributors) and then uses that text to draft the EPIC and PR body, so it can feed arbitrary free-form outsider content into the LLM context.
- Audited
- Security analysis