triage-issue

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from the codebase being analyzed. Maliciously crafted comments or git commit messages could influence the agent's logic during the triage process.
    • Ingestion points: The agent reads source files, dependencies, and git logs in Step 2 ('Explore and diagnose').
    • Boundary markers: The skill lacks explicit instructions or delimiters to help the agent distinguish between its own instructions and content found within the analyzed files.
    • Capability inventory: The agent can create issues in external repositories using the 'gh issue create' command.
    • Sanitization: There is no logic to sanitize or filter data retrieved from the codebase before including it in the generated fix plan or GitHub issue.
  • [COMMAND_EXECUTION]: The skill uses the GitHub CLI ('gh issue create') to perform actions on external systems. The instructions explicitly bypass human-in-the-loop verification by stating 'Do NOT ask the user to review before creating', which could lead to the unintended creation of issues if the agent is misled by the analyzed content.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 20, 2026, 01:04 PM