to-issues
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external project documentation and issue tracker content.
  - Ingestion points: Reads issue bodies, comments, and project specifications (SKILL.md).
  - Boundary markers: Lacks explicit separators for untrusted data.
  - Capability inventory: Authorized to read codebase files and create issues in the project tracker.
  - Sanitization: Does not explicitly sanitize external text.
  - Mitigation: The workflow includes a mandatory user approval step ('Quiz the user') before any issues are published, which effectively mitigates the risk of the agent acting on malicious instructions hidden in the documentation.
Audit Metadata