triage-bug
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data access were identified. The skill's behavior is consistent with its stated purpose of bug triage and investigation.
- [PROMPT_INJECTION]: The skill processes untrusted content from the codebase (source code, comments, git history), which constitutes a surface for indirect prompt injection. * Ingestion points: Codebase files, git logs, and existing tests accessed during the diagnosis phase. * Boundary markers: None identified; the skill does not specify delimiters for external content. * Capability inventory: Codebase exploration, call chain tracing, and reporting findings via the
report-issueskill. * Sanitization: No explicit sanitization or validation of ingested code content is defined.
Audit Metadata