skills/jei-skappa/skills/open-thread/Gen Agent Trust Hub

open-thread

Pass

Audited by Gen Agent Trust Hub on Jul 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires the agent to use external tracker CLI or API tools to retrieve ticket metadata and post backlink comments as part of the linking process.\n- [EXTERNAL_DOWNLOADS]: Content is fetched from external tracker URLs to populate the initial 'seed' narrative of the thread.\n- [DATA_EXFILTRATION]: The skill transmits a permalink of the local thread folder to the external tracker system to maintain a record of the associated work.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its integration with external ticket data.\n
  • Ingestion points: Ticket titles and bodies are read from external trackers in 'Mode B' (SKILL.md).\n
  • Boundary markers: No explicit boundary markers or safety instructions are provided to separate the ingested ticket content from the agent's internal instructions.\n
  • Capability inventory: The agent possesses file-writing capabilities on the local system and network-writing capabilities via the tracker API.\n
  • Sanitization: There is no evidence of sanitization or validation of the externally sourced ticket data before it is incorporated into the thread.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 1, 2026, 07:34 AM
Security Audit — agent-trust-hub — open-thread