backlog-manager
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFE
Findings flagged: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the GitHub Command Line Interface (`gh`) to manage issues and projects.
  - Evidence: Multiple shell commands, including `gh issue edit`, `gh issue comment`, and `gh project item-edit`, are documented for use in Step 10 and the GitHub Adapter section.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection, an inherent risk for agents processing external tracker data.
  - Ingestion points: Data enters the context via GitHub Issues, GitHub Projects, Linear boards, and local markdown files (`README.md`, `CLAUDE.md`, backlog files), as described in Steps 1, 2, and 4.
  - Boundary markers: None identified. There are no instructions to wrap ingested issue content in delimiters or to ignore embedded instructions within issue bodies.
  - Capability inventory: The agent has the authority to edit labels, post comments, close issues, and modify project board statuses.
  - Sanitization: None identified. The skill does not describe any validation or filtering logic for the text retrieved from issue trackers.
- [SAFE]: The skill includes several security-positive constraints.
  - It defaults all operations to `dry-run` to prevent accidental mutations.
  - It explicitly forbids the deletion of branches, limiting itself to reporting cleanup candidates.
Audit Metadata