recoup-internal-dev-issue-tracker

Pass

Audited by Gen Agent Trust Hub on Jul 17, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates the reading of untrusted data from GitHub issues, creating a surface for indirect prompt injection attacks.
  • Ingestion points: The agent is instructed to use the gh issue view command to read existing tracking issues as documented in SKILL.md.
  • Boundary markers: The instructions lack specific delimiters or "ignore previous instructions" warnings to encapsulate and isolate user-generated issue content.
  • Capability inventory: The agent possesses write capabilities, including gh issue create, gh issue edit, and gh issue comment.
  • Sanitization: While the skill includes a safety rule against hardcoding secrets, it does not define validation or sanitization requirements for the text processed from external issues.
  • [COMMAND_EXECUTION]: The skill requires the use of the GitHub CLI (gh) to perform its primary functions. These operations are scoped to the recoupable organization repositories, which are part of the vendor's own infrastructure.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 17, 2026, 03:07 AM