create-task-ticket
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is entirely descriptive and focuses on formatting user input into specific templates for technical tickets (Refactor, Performance, Spike, etc.).
- [DATA_EXFILTRATION]: While the skill can interact with external issue trackers via Model Context Protocol (MCP), it explicitly instructs the agent to never file a ticket without explicit user confirmation, preventing unauthorized data transmission.
- [COMMAND_EXECUTION]: There are no shell commands, script execution patterns, or dynamic code generation found within the skill instructions.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user input (raw task descriptions). Although it lacks explicit delimiters to segregate user input from the system prompt, the strict requirement for a specific output format and mandatory human-in-the-loop confirmation for tool usage effectively mitigates the risk of an injection influencing external systems.
Audit Metadata