issue-to-solution-bridge
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and interpret external issue descriptions from GitHub or Jira and use them to drive autonomous development tasks. Malicious instructions embedded in these external sources could potentially influence the agent's orchestration logic.
- Ingestion points: The skill accepts issue descriptions via the
--inputargument insrc/index.tsand has the capability to fetch remote issues via theghCLI insrc/lib.ts. - Boundary markers: There are no explicit delimiters or instructions provided to the agent to disregard embedded commands in the processed data.
- Capability inventory: The skill orchestrates multiple high-privilege sub-skills including
codebase-mapper(file read/map),test-suite-architect(code generation), andmission-control(orchestration). - Sanitization: No sanitization or validation of the ingested issue text is performed before it is processed for action recommendations.
- [DATA_EXFILTRATION]: According to
SKILL.md, the skill adheres to a 'Knowledge Protocol' that integrates confidential company and personal knowledge tiers, including secrets. The exposure of these secrets to an autonomous orchestration loop that processes untrusted external input increases the risk of data exposure through prompt injection. - [COMMAND_EXECUTION]: The skill invokes the GitHub CLI (
gh) usingsafeExecinsrc/lib.tsto fetch issue data. While the execution is wrapped, the parameters such as the issue reference and repository name are derived from external input, which could be exploited if not strictly validated by the underlying platform.
Audit Metadata