twg-engineering-work
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill uses standard engineering tools (Jira, Bitbucket, GitHub) for its intended purpose of status reporting and summarization.\n- [PROMPT_INJECTION]: The skill processes external data from PRs and Jira issues, creating a surface for indirect prompt injection.\n
- Ingestion points: PR titles, descriptions, comments, and Jira workitem details are processed in SKILL.md.\n
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are specified for separating external data from processing instructions.\n
- Capability inventory: The skill uses specific tool command families for data retrieval and summarization; no arbitrary command execution or shell access is documented.\n
- Sanitization: No explicit sanitization or filtering of external content is described in the prompt logic.
Audit Metadata