triage
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several build and test commands at runtime to verify code changes. Specifically, the Review Agent runs
npm ci,npm test, andnpm run buildwithin isolated git worktrees (../mcpvault-triage-<id>) to validate both locally generated fixes and external contributor PRs. - [EXTERNAL_DOWNLOADS]: The skill utilizes
npm ciduring the fan-out and review phases, which involves downloading project dependencies from the npm registry to ensure a clean build environment. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external sources.
- Ingestion points: Reads failing CI logs via
gh run view, issue bodies viagh issue list, and contributor comments viagh issue view. - Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions when passing this data to the Draft or Review sub-agents.
- Capability inventory: The skill possesses write access to the repository through
gh pr create,gh issue comment, andgit worktreeoperations. - Sanitization: There is no mention of sanitizing or escaping the content of logs or issues before they are processed by the AI agents.
- [REMOTE_CODE_EXECUTION]: The skill implements a 'Review' mechanism that checks out contributor PRs and executes their associated build and test scripts. This represents a risk where malicious code in an untrusted PR could be executed on the machine running the triage loop. This risk is mitigated by the skill's design, which uses isolated worktrees and requires manual human approval for any merge operations.
Audit Metadata