investigate
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted content from external platforms.
- Ingestion points: Slack message content and thread history (Step 1.1a) and Jira task descriptions, comments, and attachments (Step 1.1b) in SKILL.md.
- Boundary markers: Absent. The skill lacks explicit delimiters or instructions to treat fetched content as data rather than instructions, allowing potential malicious prompts in tickets to influence the agent.
- Capability inventory: The agent uses extracted context to perform codebase searches and execute
devsqlqueries (Step 2.1). - Sanitization: Absent. The skill directly interpolates terms found in external content into search queries and summaries without validation.
Audit Metadata