ziw-to-issues
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes untrusted external content.
- Ingestion points: The skill reads external data including "spec docs", "PRD tickets", and "epic tickets" as described in SKILL.md to drive its core logic.
- Boundary markers: The instructions do not specify any delimiters or safety markers to help the agent distinguish between the developer's instructions and potentially malicious commands embedded in the processed documents.
- Capability inventory: The skill possesses the capability to create new implementation tickets, adopt and modify existing tickets, and set security-sensitive labels (e.g., ready-for-agent) based on its interpretation of the input data.
- Sanitization: There is no evidence of content sanitization or validation of the input data before it is used to populate ticket fields such as "acceptance criteria" and "security invariants."
Audit Metadata