triage
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from issue reports and comments which creates an indirect prompt injection surface.
- Ingestion points: The skill reads the full issue context including body and comments as specified in
SKILL.md. - Boundary markers: No explicit delimiters or ignore instructions are provided to the agent for handling external data.
- Capability inventory: The agent has the ability to modify labels, post comments, close issues, write files to the
.out-of-scope/directory, and execute shell commands for bug reproduction. - Sanitization: There is no mention of sanitizing or escaping the ingested content.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands and tests to verify bug reports.
- Evidence: In
SKILL.md, the agent is directed to 'run tests or commands' during the reproduction phase. This is a primary functionality of the skill but involves executing code from the target repository.
Audit Metadata