refine-task

Pass

Audited by Gen Agent Trust Hub on Jul 9, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements a comprehensive security policy that classifies all external data (Jira/GitHub bodies, comments, and fetched pages) as untrusted content. It explicitly instructs the agent to ignore any imperative or meta-instructions found within this data, mitigating indirect prompt injection risks.
  • [SAFE]: A strict mutation boundary is established and enforced. The skill is explicitly forbidden from modifying tracker metadata, descriptions, assignees, or statuses. The only permitted write operation is posting a single refinement comment, which is protected by multiple security gates.
  • [SAFE]: Posting a comment requires a multi-step verification process, including a human-in-the-loop confirmation, a quality checklist validation, and an idempotency check to prevent duplicate or automated spamming of the tracker.
  • [SAFE]: Sensitive recommendations (such as suggesting security tasks or architectural spikes) are gated. If the user has not provided explicit approval in the conversation, these recommendations are automatically neutralized into neutral questions to prevent the AI from making unauthorized process decisions.
  • [SAFE]: The skill references only well-known and trusted official documentation (e.g., Atlassian, GitHub, Google SRE, OWASP) for verifying technical claims, ensuring that implementation readiness is grounded in authoritative sources.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 9, 2026, 03:51 PM
Security Audit — agent-trust-hub — refine-task