triage
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted input from GitHub issues and comments, creating a vulnerability to indirect prompt injection.
  1. Ingestion points: Issue bodies, comments, and reporter metadata (SKILL.md).
  2. Boundary markers: Absent; there are no instructions to isolate or delimit external content.
  3. Capability inventory: Executing shell commands/tests for reproduction, writing to '.out-of-scope/' files, and posting comments or closing issues via GitHub API.
  4. Sanitization: Absent; the skill does not specify any validation or filtering of external input.

  Furthermore, the skill generates 'agent briefs' (AGENT-BRIEF.md) that act as contracts for downstream agents, creating a multi-step chain risk where poisoned triage data influences future agent actions.
- [COMMAND_EXECUTION]: The skill requires the agent to 'run tests or commands' to reproduce bugs (SKILL.md, Step 3). If reproduction steps provided by an untrusted reporter are followed without rigorous verification, the agent could inadvertently execute malicious code on the host system.