triage-issue-reports

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted user data from external Slack reports, creating a surface for indirect prompt injection.
  • Ingestion points: Processes Slack root messages, replies, and technical attachments such as logs, traces, screenshots, and crash text as described in SKILL.md (Sections 2 and 3).
  • Boundary markers: The instructions do not specify the use of clear delimiters or instructions to ignore embedded commands within the report text.
  • Capability inventory: The agent has the capability to create and update issues in configured trackers (e.g., Linear, GitHub) and post messages back to Slack threads (SKILL.md Sections 6, 8, and 9).
  • Sanitization: The skill employs architectural mitigation by delegating data processing to read-only workers that lack write credentials, restricting powerful actions to a central coordinator.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 08:54 PM
Security Audit — agent-trust-hub — triage-issue-reports