to-issues
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data, which creates a surface for indirect prompt injection attacks.
  - Ingestion points: The agent is instructed to fetch and read issue bodies and comments from an issue tracker, and process user-provided documents like PRDs or plans (SKILL.md, Step 1).
  - Boundary markers: There are no explicit delimiters or specific instructions provided to the agent to treat ingested data as untrusted or to ignore embedded commands.
  - Capability inventory: The agent has permissions to read the local codebase and write (publish) new issues to a project's issue tracker.
  - Sanitization: The instructions do not specify any sanitization for the input data. However, the skill includes a mandatory human-in-the-loop (HITL) review step (Step 4: Quiz the user) which provides a checkpoint for the user to verify the agent's proposed actions before any data is published.
Audit Metadata