candango-issues
Pass
Audited by Gen Agent Trust Hub on May 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were identified in the skill. Its operations are limited to data processing and interaction with well-known project management services.
- [PROMPT_INJECTION]: The skill processes untrusted data from user-provided feature plans, creating a surface for indirect prompt injection. This risk is mitigated by a mandatory user-approval checkpoint before any state-changing actions are taken.
  - Ingestion points: User-provided feature plans in the skill's main instruction flow.
  - Boundary markers: No delimiters are used to separate user input from the skill's instructions.
  - Capability inventory: Writing to the local file system (docs/features/) and calling tools for GitHub, Linear, and Jira integration.
  - Sanitization: No explicit data sanitization or validation is implemented.
Audit Metadata