skills/ecology9191/skills/triage/Gen Agent Trust Hub

triage

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from issue tracker bodies and comments to drive its state machine and generate agent briefs. An attacker could craft an issue containing instructions that override the agent's logic, leading to incorrect labeling, data deletion in the .out-of-scope/ directory, or the generation of malicious agent briefs for downstream systems.
  • Ingestion points: SKILL.md (Gather context step reads full issue body, comments, and labels).
  • Boundary markers: None identified for untrusted data ingestion.
  • Capability inventory: File writes (.out-of-scope/), posting comments, label management, and command execution (bug reproduction).
  • Sanitization: No specific sanitization or validation of the issue content is mentioned.
  • [COMMAND_EXECUTION]: The instructions in SKILL.md direct the agent to "run tests or commands" based on the reporter's steps during bug reproduction. This provides a direct path for executing arbitrary code if a reporter provides malicious commands disguised as reproduction steps. While this is part of the skill's primary function, it lacks safety constraints or human-in-the-loop requirements for the execution phase.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 10:47 AM
Security Audit — agent-trust-hub — triage