to-issues
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It is designed to ingest and process untrusted data from project plans, specifications, or existing issues to decompose them into actionable tickets. If these source documents contain hidden instructions or malicious payloads, the agent could be manipulated during the issue creation or codebase exploration phase.
- Ingestion points: Project plans, requirements, or referenced issues fetched from the conversation or external trackers (e.g., GitHub, Linear).
- Boundary markers: Absent. The instructions do not define delimiters or provide warnings to ignore instructions embedded within the processed data.
- Capability inventory: The skill utilizes
Bash,Write,Edit,Read,Grep, andGlobtools across its workflow. - Sanitization: No evidence of input validation, escaping, or sanitization of external content before interpolation into the agent's context.
- [COMMAND_EXECUTION]: The skill uses the
Bashtool and references a local validator script (.agent-skills/skill-standardization/scripts/validate_skill.sh). While these tools are intended for legitimate development workflows, their use in an environment that processes external, potentially untrusted input creates a risk that could be exploited through the aforementioned injection vectors.
Audit Metadata