triage

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests untrusted data from external issue trackers and uses it to drive agent behavior, specifically in the bug reproduction phase. This constitutes a surface for indirect prompt injection. Ingestion points: Issue bodies and comments read in SKILL.md (Step 1: Gather context). Boundary markers: None; the skill does not instruct the agent to use delimiters or ignore embedded instructions within the ingested issue content. Capability inventory: The skill explicitly directs the agent to 'run tests or commands' during reproduction in SKILL.md (Step 3). Sanitization: No sanitization or validation logic is defined to check the safety of commands derived from the issue reporter's steps.
  • [COMMAND_EXECUTION]: The reproduction step in SKILL.md (Step 3) instructs the agent to execute commands based on input from untrusted issue reporters, which is a significant risk factor for arbitrary code execution if instructions in the issue are malicious.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 21, 2026, 05:42 AM
Security Audit — agent-trust-hub — triage