youtrack
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- External Downloads (MEDIUM): The skill requires the installation of '@billpeet/yt-cli' via npm. This is a personal scoped package from an unverified author, posing a supply chain risk as it is not from a trusted organization or repository.
- Command Execution (LOW): The skill functions by executing shell commands using the 'yt' CLI. While this is the intended functionality, it grants the agent the ability to invoke local system processes.
- Credentials Unsafe (LOW): The setup instructions encourage storing permanent API tokens in a local configuration file ('~/.config/yt-cli/config.json') or environment variables. While standard for CLI tools, this creates a target for potential credential exposure if the filesystem is compromised.
- Indirect Prompt Injection (LOW): The skill retrieves and processes untrusted data from an external YouTrack instance.
- Ingestion points: Data enters the context via 'yt issue search', 'yt issue get', and 'yt issue comments' commands defined in SKILL.md.
- Boundary markers: None are specified to differentiate between instructions and data.
- Capability inventory: The skill has the capability to execute system commands (via the 'yt' CLI) and access the network.
- Sanitization: There is no evidence of sanitization or escaping of the content retrieved from issue summaries or comments.
Audit Metadata