triage
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from issue reports and comments to guide its recommendations.
- Ingestion points: Reads issue bodies, comments, labels, and reporter history from the project's issue tracker (SKILL.md).
- Boundary markers: Absent; the instructions do not define delimiters or provide specific 'ignore embedded instructions' warnings for the data being parsed.
- Capability inventory: The skill can post comments, apply labels, close issues, and write markdown files to the
.out-of-scope/directory (SKILL.md, OUT-OF-SCOPE.md). - Sanitization: Absent; no explicit sanitization or validation of external issue content is performed before interpolation into the triage logic.
- [COMMAND_EXECUTION]: The skill references and uses internal platform commands such as
/setup-red-skillsfor label mapping and/startfor interactive sessions. These appear to be vendor-specific tools provided by 'reddb-io'.
Audit Metadata