triage-bugs
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from bug reports and external issue trackers which could contain instructions intended to override the agent's behavior.
- Ingestion points: Data is pulled from $ARGUMENTS, conversation context, and user-referenced files or issue trackers (SKILL.md, Workflow Step 2).
- Boundary markers: The skill does not define or use explicit delimiters (like XML tags) or safety instructions to isolate untrusted bug content from the agent's core instructions (SKILL.md, Workflow).
- Capability inventory: The skill has access to tools including Bash, Read, Glob, and Grep, which provide significant file system interaction capabilities that could be misused if an injection succeeds (SKILL.md, Allowed-tools).
- Sanitization: There is no mention of sanitizing, validating, or escaping external bug descriptions before they are used in the priority calculation or written into final triage reports (SKILL.md, Workflow Step 10).
Audit Metadata