Skills
skills/sethgammon/citadel/triage/Gen Agent Trust Hub

triage

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from GitHub issues and pull requests, creating a surface for indirect prompt injection. An attacker could craft issue content to manipulate the agent's analysis or proposed fixes.
  • Ingestion points: The skill fetches external content using gh issue view, gh issue list, gh pr view, and gh pr diff as described in SKILL.md.
  • Boundary markers: The instructions do not define clear delimiters or specific warnings to the model about ignoring instructions within the fetched data.
  • Capability inventory: The skill has the ability to run shell commands via git and gh, including branch creation, commits, pushes, and labeling issues (SKILL.md).
  • Sanitization: No explicit sanitization or filtering of the fetched GitHub content is performed before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
May 5, 2026, 10:50 AM