to-issues
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data access attempts were detected in the skill's instructions.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it is designed to ingest and process external content from issue trackers (Step 1).
- Ingestion points: The skill fetches full bodies and comments from issue trackers in SKILL.md.
- Boundary markers: Absent; there are no explicit delimiters or instructions provided to ignore potentially malicious prompts within the fetched issue data.
- Capability inventory: The skill has the capability to publish new content to the issue tracker (Step 5).
- Sanitization: Absent; the skill does not specify sanitization or validation of the fetched external text.
- Mitigation: The skill includes a mandatory human-review checkpoint (Step 4: Quiz the user) which prevents automated execution of potentially malicious instructions without user oversight.
Audit Metadata