to-issues
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection. Ingestion points: It reads plans, specifications, PRDs, and issue comments from the conversation context or external tracker references (SKILL.md). Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the processed text. Capability inventory: The agent has the ability to explore the codebase and publish new issues to a project tracker. Sanitization: No sanitization or validation of the input content is implemented.
- [NO_CODE]: The skill consists entirely of instructional text and metadata within a markdown file, with no accompanying scripts or binary executables.
Audit Metadata