gleap-analyzer
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses MCP tools (
mcp__gleap__*) to fetch ticket data. Authentication and project scoping are handled by the platform context, avoiding the need for hardcoded credentials or API keys. - [SAFE]: The workflow includes a clear security boundary for untrusted data. It explicitly instructs the agent to treat ticket content as factual context only and to ignore any commands or instructions embedded within the ticket data, which effectively mitigates Indirect Prompt Injection (Category 8).
- [SAFE]: The skill implements strict input validation for the ticket ID using a regular expression (
/^[0-9a-f]{24}$/i) before calling any tools. - [SAFE]: All operations are read-only and involve retrieving ticket metadata, messages, and activity logs. No dangerous capabilities such as file modification, command execution, or network exfiltration to unknown domains were detected.
Audit Metadata