to-issues
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection, as it is designed to ingest and process untrusted data from external sources.
  - Ingestion points: The skill reads user-provided project plans, specifications, PRDs, and fetches full bodies/comments from external issue trackers (SKILL.md, Step 1).
  - Boundary markers: Absent. The instructions do not define delimiters or provide warnings to the agent to disregard instructions potentially embedded within the ingested data.
  - Capability inventory: The skill has the capability to write to the project issue tracker by publishing new issues (SKILL.md, Step 5).
  - Sanitization: No sanitization, validation, or filtering of the external content is performed before it is used to generate new issue titles and descriptions.