skills/ecology9191/skills/to-issues/Gen Agent Trust Hub

to-issues

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from an external issue tracker.
  • Ingestion points: The skill fetches and reads the full body and comments of issues from a project issue tracker (SKILL.md, Step 1).
  • Boundary markers: There are no explicit instructions or delimiters used to isolate external issue content from the agent's internal instructions.
  • Capability inventory: The agent can perform codebase exploration and execute commands via the bd (Beads) tool to create issues and manage task dependencies.
  • Sanitization: There is no evidence of sanitization or validation of the text fetched from the issue tracker before it is processed by the agent.
  • [COMMAND_EXECUTION]: The skill uses the bd (Beads) CLI tool to perform issue management tasks.
  • Evidence: The skill instructs the agent to use bd create and bd dep add to publish issues and record dependencies.
  • Context: These commands are part of the core functionality for interacting with the project's issue tracker and do not appear to involve arbitrary command injection or suspicious execution patterns.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 10:47 AM
Security Audit — agent-trust-hub — to-issues