Skills
skills/dedalus-erp-pas/foundation-skills/issue-review/Gen Agent Trust Hub

issue-review

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes git, glab, and gh CLI commands to fetch project data and post comments. These operations occur autonomously based on issue identifiers provided by the user.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests and processes untrusted text from external issue trackers.\n
  • Ingestion points: Untrusted data is retrieved from issue titles, descriptions, and comments via GitLab and GitHub CLI tools as defined in SKILL.md.\n
  • Boundary markers: Prompt templates in Step 4 use simple headers like **Description:** for data interpolation but do not employ robust isolation techniques or instructions to ignore embedded commands.\n
  • Capability inventory: The skill possesses the ability to read the local codebase and issue history, and can write public comments to the issue tracker.\n
  • Sanitization: There is no evidence of sanitization or content filtering for the data fetched from external sources before it is passed to AI sub-agents.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 10, 2026, 07:54 AM