report-issue
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill instructions are focused on legitimate operational tasks related to issue tracking. There are no indications of prompt injection attempts, credential theft, or unauthorized network activity.
- [SAFE]: External tool calls (
list-taxonomy,search-tasks,report-bug,report-feature-request) are restricted to the One Horizon MCP environment as described in the metadata. The skill does not attempt to download or execute external code. - [INDIRECT_PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it processes untrusted user input to generate bug and feature reports. However, the capabilities are limited to record creation in a managed system.
- Ingestion points: User-provided bug symptoms, feature requests, and reproduction steps (SKILL.md).
- Boundary markers: Absent. The instructions do not explicitly tell the agent to use delimiters or ignore instructions embedded in user-supplied text.
- Capability inventory:
report-bug,report-feature-request,search-tasks, andlist-taxonomy(SKILL.md). - Sanitization: Absent. The agent is instructed to use the user's input to create a markdown description for the new record.
Audit Metadata