issue-triage
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) as it ingests untrusted data from GitHub issues which could contain malicious instructions designed to subvert the triage process.
- Ingestion points: Issue titles, bodies, and comments fetched via
ghCLI or MCP inSKILL.md(Workflow Step 1). - Boundary markers: Absent. The skill lacks instructions to separate the analysis logic from the potentially adversarial content within the issues.
- Capability inventory: The agent has the authority to write to the repository (add labels, post comments, close issues) based on its analysis of untrusted data.
- Sanitization: Absent. Content is processed directly without validation or escaping.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill recommends a GitHub MCP server from a trusted source.
- Evidence:
https://api.githubcopilot.com/mcp/inSKILL.md. - Reasoning: The domain belongs to a trusted organization (GitHub/Microsoft). Per [TRUST-SCOPE-RULE], this reference is classified as SAFE.
Audit Metadata