triage
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from issue descriptions and comments to automate triage decisions and generate summaries, creating a surface for indirect prompt injection.
- Ingestion points: SKILL.md (Step 1 in 'Triage a specific issue' section) reads the full issue body and comments.
- Boundary markers: No delimiters are specified to separate user content from system instructions.
- Capability inventory: The skill can post comments, modify labels, close issues, and write files to the '.out-of-scope/' directory.
- Sanitization: No sanitization or validation of the input content is described.
- [COMMAND_EXECUTION]: The skill instructs the agent to 'run tests or commands' to reproduce bugs based on steps provided by reporters. This instructions-as-code pattern creates a risk where the agent might execute arbitrary or malicious commands embedded in an issue report.
- Evidence: SKILL.md (Step 3 in 'Triage a specific issue' section) explicitly directs the agent to attempt reproduction by tracing code and running tests based on the reporter's steps.
Audit Metadata