django-triage
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (LOW): The skill processes untrusted data from external sources which could contain malicious instructions.\n
- Ingestion points: Django Trac tickets (Step 1), Django Forum posts (Step 4), and GitHub PR descriptions (Step 3).\n
- Boundary markers: Absent. The skill instructions do not utilize delimiters or specific directives to isolate ingested content from its operational logic.\n
- Capability inventory: Includes file system writing (
triage-reports/) and local command execution viauv runandgh.\n - Sanitization:
scripts/forum.pyuses regex to strip HTML tags, but does not provide sanitization against adversarial natural language instructions.\n- COMMAND_EXECUTION (LOW): Untrusted data from ticket titles and keywords is used to construct command-line arguments inSKILL.md.\n - Evidence: Step 2-1 and Step 4 interpolate extracted keywords into CLI commands (e.g.,
uv run --script ./scripts/trac.py search "<key keywords>"). This presents an argument injection risk if the agent fails to properly escape shell-sensitive characters extracted from external tickets.\n- EXTERNAL_DOWNLOADS (SAFE): Content is downloaded fromcode.djangoproject.com,forum.djangoproject.com, and GitHub. While these are reputable project sources, the downloaded content is unvetted user data that is subsequently processed by the agent.
Audit Metadata