pir
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from external monitoring and incident management platforms, creating a potential surface for indirect prompt injection during report synthesis.
- Ingestion points: Incident data is ingested from temporary files such as
.pagerduty-oncall-tmp/report.md,.datadog-analyser-tmp/report.md, and.rollbar-reader-tmp/report.mdin Step 2. - Boundary markers: There are no explicit delimiters or 'ignore embedded instructions' warnings used when processing the ingested report data to prevent malicious content from influencing the agent.
- Capability inventory: The skill has access to the Bash tool for repository analysis and the Skill tool to invoke sub-agents.
- Sanitization: No sanitization or validation of the external report content is performed before it is passed to the synthesis step.
- [COMMAND_EXECUTION]: The skill uses the Bash tool for repository history analysis and file system maintenance.
- Evidence: In
steps/step3a-codebase-analysis.md, the skill executesgit fetch,git log, andgit showto correlate code changes with incident timelines. - Evidence: In
steps/step4-present-results.md, the skill usesrm -rfto clean up temporary discovery report folders. - [EXTERNAL_DOWNLOADS]: The skill orchestrates data retrieval from third-party monitoring services via specialized sub-skills.
- Evidence: Step 2 involves calling
pagerduty-oncall,datadog-analyser,cloudflare-traffic-investigator, androllbar-readerto gather data from well-known infrastructure and error-tracking services.
Audit Metadata