triage-issue
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No direct attempts to override agent behavior or extract system instructions were found. The skill processes user-supplied bug reports and codebase files, which constitutes an indirect injection surface. \n
- Ingestion points: User descriptions (captured in Step 1) and codebase files/logs (Step 2). \n
- Boundary markers: None. \n
- Capability inventory: gh issue create, Agent (subagent_type=Explore), and arbitrary local command execution for reproduction scripts. \n
- Sanitization: None. \n- [COMMAND_EXECUTION]: The skill requires executing local commands to build a reproduction loop (e.g., running tests or scripts). This is an expected and necessary function for the primary purpose of bug triage and root-cause analysis. \n- [DATA_EXFILTRATION]: No unauthorized data transfer or hardcoded credentials were detected. Issue creation is performed using the legitimate gh CLI tool within the user's local environment. \n- [SAFE]: The skill follows established software engineering best practices, such as Zeller's scientific debugging method and TDD principles. The instructions are transparent and well-aligned with its stated software maintenance purpose.
Audit Metadata