ai-bug-triage
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to process external, untrusted data (CI logs and error reports), which introduces a surface for indirect prompt injection attacks where malicious instructions could be embedded in the logs to influence the agent's behavior.
  - Ingestion points: External CI logs and error reports processed by the classification and ticket generation steps (SKILL.md).
  - Boundary markers: Absent; the provided LLM prompts do not use specific delimiters or instructions to ignore embedded commands in the input data.
  - Capability inventory: The skill documents the use of the GitHub CLI (`gh`) to create and manage issues, providing a potential action vector for successful injections (SKILL.md).
  - Sanitization: While the skill performs normalization to strip timestamps and IDs for stability, it does not sanitize the logs for potential instruction-based injection.
  - Mitigation: The skill explicitly mandates human review and approval (Step 7) before any automated actions are taken, significantly reducing the risk of exploitation.
- [COMMAND_EXECUTION]: The skill provides integration examples using standard command-line tools like the GitHub CLI (`gh`) and `jq`. These commands are used to automate ticket creation and are consistent with the skill's stated purpose of defect management.