recoup-internal-dev-issue-tracker
Pass
Audited by Gen Agent Trust Hub on Jul 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the reading of untrusted data from GitHub issues, creating a surface for indirect prompt injection attacks.
- Ingestion points: The agent is instructed to use the
gh issue viewcommand to read existing tracking issues as documented in SKILL.md. - Boundary markers: The instructions lack specific delimiters or "ignore previous instructions" warnings to encapsulate and isolate user-generated issue content.
- Capability inventory: The agent possesses write capabilities, including
gh issue create,gh issue edit, andgh issue comment. - Sanitization: While the skill includes a safety rule against hardcoding secrets, it does not define validation or sanitization requirements for the text processed from external issues.
- [COMMAND_EXECUTION]: The skill requires the use of the GitHub CLI (
gh) to perform its primary functions. These operations are scoped to therecoupableorganization repositories, which are part of the vendor's own infrastructure.
Audit Metadata