bug-triage
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE, PROMPT_INJECTION, NO_CODE
Full Analysis
- [SAFE]: The skill operates entirely on local project-specific files within the production/qa/ and production/sprints/ directories. It does not attempt to access sensitive system files like SSH keys or environment variables.
- [SAFE]: The skill does not request network access or perform any external downloads. All processing is strictly local.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection because it processes untrusted bug report content. Ingestion points: files in production/qa/bugs/. Boundary markers: Absent. Capability inventory: Read, Glob, Grep, Write, and Edit tools. Sanitization: None provided in instructions. This risk is mitigated by a mandatory human-in-the-loop approval step before any files are written to disk.
- [NO_CODE]: The skill contains only natural language instructions and markdown templates; it does not include any executable scripts, shell commands, or compiled binaries.