to-issues
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface identified.\n
- Ingestion points: The skill fetches and reads content, including bodies and comments, from an external issue tracker based on user-provided references (SKILL.md).\n
- Boundary markers: There are no explicit instructions or delimiters to isolate fetched data or prevent the agent from following commands embedded within it.\n
- Capability inventory: The agent is authorized to read from and publish new tickets to the project's issue tracker.\n
- Sanitization: No sanitization or validation logic is defined for the external data being processed.\n- [NO_CODE]: The skill contains no executable scripts or code files and relies entirely on natural language instructions for the AI agent.
Audit Metadata