youtrack
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by instructing the agent to ingest and analyze untrusted data from YouTrack issues (summaries, descriptions, and comments).
  - Ingestion points: The 'Discovery Protocol' and 'Application' sections in `SKILL.md` involve querying and reviewing existing issues via API or tools.
  - Boundary markers: There are no instructions for using delimiters or negative constraints to prevent the agent from executing commands embedded in issue text.
  - Capability inventory: The agent is provided with a full command reference (`references/commands.md`) capable of modifying issue states, assignments, and visibility.
  - Sanitization: The skill does not provide methods for sanitizing external data before it is interpreted by the agent.
- [EXTERNAL_DOWNLOADS]: The file `.dev/reference-inventory.json` contains references to official JetBrains documentation. These are well-known technology service domains and are considered safe sources for reference material.
- [NO_CODE]: The skill is composed entirely of markdown documentation and a JSON configuration file; it contains no executable scripts or binary files.
Audit Metadata