triage
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted content from issue trackers without adequate isolation.
- Ingestion points: In SKILL.md (Triage a specific issue -> Gather context), the agent reads the full issue body and comments from the tracker.
- Boundary markers: There are no delimiters or instructions to treat the issue data as untrusted or to ignore instructions embedded within it.
- Capability inventory: The skill is capable of running tests and shell commands (SKILL.md, Step 3: Reproduce), reading the codebase, and writing markdown files to the '.out-of-scope/' directory.
- Sanitization: No sanitization or validation of the ingested external content is mentioned.
- [COMMAND_EXECUTION]: The instructions for bug reproduction create a pathway for arbitrary command execution.
- Evidence: SKILL.md instructs the agent to 'read the reporter's steps... run tests or commands' to attempt reproduction. A malicious reporter could embed dangerous shell commands in an issue body that the agent would then execute on the local system.
Audit Metadata