issue-manage
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes and re-displays user-controlled data.
- Ingestion points: User-provided issue descriptions are stored in
issues.jsonand subsequently read for processing during the/issue-manage:dashboardand/issue-manage:insightcommands. - Boundary markers: The instructions do not define the use of delimiters or 'ignore' instructions when reading the stored data to separate it from the agent's task instructions.
- Capability inventory: The skill performs file read and write operations (
issues.jsonandinsight-*.md) within the local execution environment. - Sanitization: The content of the issue descriptions is not sanitized or validated before being written to reports, which could allow maliciously crafted text to influence the agent's analysis logic.
Audit Metadata