twg-engineering-work

Pass

Audited by Gen Agent Trust Hub on Jun 25, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security issues detected. The skill uses standard engineering tools (Jira, Bitbucket, GitHub) for its intended purpose of status reporting and summarization.\n- [PROMPT_INJECTION]: The skill processes external data from PRs and Jira issues, creating a surface for indirect prompt injection.\n
  • Ingestion points: PR titles, descriptions, comments, and Jira workitem details are processed in SKILL.md.\n
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are specified for separating external data from processing instructions.\n
  • Capability inventory: The skill uses specific tool command families for data retrieval and summarization; no arbitrary command execution or shell access is documented.\n
  • Sanitization: No explicit sanitization or filtering of external content is described in the prompt logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 25, 2026, 02:06 AM
Security Audit — agent-trust-hub — twg-engineering-work