triage
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from an external issue tracker.
- Ingestion points: The skill reads issue bodies and comments in the context gathering phase (SKILL.md).
- Boundary markers: The instructions do not specify any delimiters or safety markers to isolate external content.
- Capability inventory: The agent can execute system commands, write to files, and interact with the GitHub/issue tracker API.
- Sanitization: No sanitization or validation of the ingested issue content is mentioned.
- [COMMAND_EXECUTION]: The skill explicitly directs the agent to run tests or commands to reproduce reported bugs based on steps provided in an issue (SKILL.md). This allows untrusted input from a reporter to directly influence shell command execution on the host environment.
Audit Metadata