to-issues
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and processing data from an external issue tracker.\n
- Ingestion points: Fetches and reads full bodies and comments from an issue tracker based on user-provided references (SKILL.md, Step 1).\n
- Boundary markers: Absent; the instructions do not specify the use of delimiters or provide guidance to the agent to treat fetched content as untrusted.\n
- Capability inventory: The skill allows the agent to explore the local codebase and publish new issues to the tracker.\n
- Sanitization: Absent; the ingested content is used directly to propose issue titles, descriptions, and criteria.\n
- User Interaction: The skill implements a mandatory human-in-the-loop review ('Quiz the user' in Step 4) where the user must approve the breakdown before any issues are published, providing a critical check against malicious instructions.
Audit Metadata