django-ticket-triage
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted data from external sources.\n
- Ingestion points: The
scripts/trac.pyfile retrieves ticket descriptions and comments fromcode.djangoproject.com, whilescripts/forum.pyfetches discussion posts fromforum.djangoproject.com.\n - Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat fetched data as untrusted or to ignore instructions embedded within the text.\n
- Capability inventory: The skill has the ability to execute GitHub CLI commands via
ghand perform filesystem operations including reading, searching (via grep), and writing triage reports.\n - Sanitization: Data is parsed using standard libraries and basic HTML stripping, but there is no mechanism to sanitize or filter potential prompt injection attacks hidden in user-generated text.\n- [EXTERNAL_DOWNLOADS]: The skill communicates with external domains to retrieve information.\n
- Details: It fetches ticket metadata and RSS feeds from the official
code.djangoproject.comdomain and searches for discussions onforum.djangoproject.comusing the Python standard library'surllibmodule.\n- [COMMAND_EXECUTION]: The skill executes external command-line tools and local scripts.\n - Details: It uses the authenticated
ghCLI for searching and viewing pull requests on GitHub. It also executes internal Python scripts (scripts/trac.pyandscripts/forum.py) and utilizes system tools likegrepandglobto interact with a local clone of the Django source code.
Audit Metadata