triage
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from external contributors without sanitization.
- Ingestion points: The agent is instructed in
SKILL.md(Step 1 of 'Triage a specific issue') to read the full body and all comments of GitHub issues. - Boundary markers: Absent. The instructions do not specify delimiters or warnings to ignore instructions embedded in the issue content.
- Capability inventory: The agent has the ability to run shell commands (
SKILL.md, Step 3), write files to the repository (SKILL.md, Step 5), and interact with the issue tracker API (labels, comments, closing issues). - Sanitization: Absent. There are no instructions to validate or filter the content of the reporter's steps before acting on them.
- [COMMAND_EXECUTION]: The skill enables the execution of arbitrary commands or scripts provided by untrusted reporters.
- Evidence:
SKILL.md(Step 3: Reproduce) explicitly directs the agent to "read the reporter's steps... and run tests or commands" to verify bugs. This allows a malicious reporter to potentially execute arbitrary code by embedding commands in their issue description.
Audit Metadata