autopilot-issues
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates within a strictly defined automation loop that prioritizes security through multiple validation layers called 'merge gates'.
- [SAFE]: It explicitly prohibits the automated merging of sensitive code, such as credentials, authentication policies, or legal compliance text, necessitating human review for these categories.
- [INDIRECT_PROMPT_INJECTION]: Risk is handled with comprehensive guardrails:
- Ingestion points: The skill processes issue descriptions, comments, and PR data from the repository's configured forge (e.g., GitHub or GitLab).
- Boundary markers: Work is scoped by repository labels ('ready-for-agent') and verified against a specific ledger/worktree layout maintained by subagents.
- Capability inventory: Operations include Git state management, tracker/forge API interactions, and delegation to implementation subagents.
- Sanitization: Verification steps include checking that diffs stay within acceptance criteria and ensuring no production secrets or destructive migrations are present.
- [SAFE]: The skill relies on pre-configured repository tools and does not introduce external dependencies or execute arbitrary remote scripts during its execution loop.
Audit Metadata