release-health-gates
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by directing the agent to ingest and act upon data from external GitHub resources.
- Ingestion points: Data enters the agent's context through GitHub API calls (check-suites, deployments) and the monitoring of issue labels (e.g., 'qa-blocker') as specified in 'modules/quality-signals.md'.
- Boundary markers: The instructions lack explicit boundary markers or directives to treat external data as untrusted, which could lead the agent to interpret embedded comments or issue descriptions as legitimate instructions.
- Capability inventory: The skill utilizes the 'minister-tracker' tool and generates markdown snippets for PR comments, providing a mechanism for poisoned input to propagate into repository artifacts or influence agent decisions.
- Sanitization: No sanitization, validation, or escaping of the ingested GitHub content is described in the provided modules.
Audit Metadata