issue-reporting
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is to assist users in formatting and filing bug reports on GitHub. It operates by gathering user input and checking for the presence of specific local files used for context.
- [DATA_EXPOSURE]: The skill identifies and checks for the existence of context files such as
strategy/brand.md,about/me.md, andCLAUDE.md. This is done to help users understand if missing context is the cause of poor AI performance before they file a report. The gathered information is then formatted into a template for the user to submit manually to the author's GitHub repository. - [INDIRECT_PROMPT_INJECTION]: The skill incorporates untrusted data, such as previous user prompts and agent outputs, into the generated issue report.
- Ingestion points: Data is pulled from the user's current session (prompts/outputs) and local context files (
strategy/brand.md,about/me.md,CLAUDE.md) in Step 2 and Step 4. - Boundary markers: The generated output in Step 4 uses markdown code blocks to delimit user-provided data within the report template.
- Capability inventory: The skill does not include any scripts or commands for subprocess execution, network operations, or dynamic code evaluation.
- Sanitization: No explicit sanitization of the input data is performed, as the final output is intended for manual review and submission by the user to a public issue tracker.
Audit Metadata