skills/hicaosen/skills/cnb-issue/Gen Agent Trust Hub

cnb-issue

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
PROMPT_INJECTION
EXTERNAL_DOWNLOADS
Full Analysis
  • [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill requires the swagger-client Node.js package. This is a well-known and standard library for interacting with OpenAPI-defined services and is used here for its intended purpose of communicating with the CNB API.
  • [INDIRECT_PROMPT_INJECTION]: The skill retrieves issues and comments from the CNB platform and provides them to the agent. This data could contain malicious instructions from an external attacker aimed at influencing the agent's behavior.
      • Ingestion points: External data is ingested through the listIssues, getIssue, and getComments functions in scripts/cnb-client.js, which fetch data from the CNB API.
      • Boundary markers: The script does not implement any boundary markers or instructions to the agent to treat the fetched content as untrusted data.
      • Capability inventory: The skill includes functions to create and update issues, labels, assignees, and comments on the CNB platform via scripts/cnb-client.js.
      • Sanitization: The skill does not perform any sanitization or validation of the text content returned from the CNB API before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 10:30 AM