triage
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by ingesting and acting upon untrusted data from external issue trackers.
- Ingestion points: The skill reads the full content of issues, including the body, comments, and reporter information as specified in the 'Triage a specific issue' section of SKILL.md.
- Boundary markers: There are no specified delimiters (such as XML tags or triple backticks) or instructions to ignore embedded commands within the ingested issue content.
- Capability inventory: The agent has the authority to query issue trackers, write out-of-scope enhancements to the filesystem ('.out-of-scope/'), and execute shell commands or tests.
- Sanitization: The instructions do not define any sanitization, escaping, or validation steps for the data retrieved from issue comments before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill instructions explicitly direct the agent to perform local command execution for bug reproduction.
- Evidence: In the 'Reproduce (bugs only)' section, the agent is instructed to 'run tests or commands' and 'trace relevant code' based on the reporter's provided steps.
Audit Metadata