to-issues
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its handling of untrusted external data.\n
- Ingestion points: Untrusted data enters the agent context from the conversation history, user-provided PRDs, design specifications, and external issue tracker content (via URLs or issue references).\n
- Boundary markers: The instructions do not specify the use of delimiters or warnings to ignore embedded instructions when the agent processes these external sources.\n
- Capability inventory: The agent possesses the capability to explore the codebase and write/publish content to the project's issue tracker.\n
- Sanitization: There are no mentioned mechanisms for validating, escaping, or filtering the external content before it is processed or published.
Audit Metadata