skills/akillness/jeo-skills/to-issues/Gen Agent Trust Hub

to-issues

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It is designed to ingest and process untrusted data from project plans, specifications, or existing issues to decompose them into actionable tickets. If these source documents contain hidden instructions or malicious payloads, the agent could be manipulated during the issue creation or codebase exploration phase.
  • Ingestion points: Project plans, requirements, or referenced issues fetched from the conversation or external trackers (e.g., GitHub, Linear).
  • Boundary markers: Absent. The instructions do not define delimiters or provide warnings to ignore instructions embedded within the processed data.
  • Capability inventory: The skill utilizes Bash, Write, Edit, Read, Grep, and Glob tools across its workflow.
  • Sanitization: No evidence of input validation, escaping, or sanitization of external content before interpolation into the agent's context.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool and references a local validator script (.agent-skills/skill-standardization/scripts/validate_skill.sh). While these tools are intended for legitimate development workflows, their use in an environment that processes external, potentially untrusted input creates a risk that could be exploited through the aforementioned injection vectors.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 07:06 AM
Security Audit — agent-trust-hub — to-issues