skills/miketromba/issy/issue-tracking/Gen Agent Trust Hub

issue-tracking

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the global installation of the 'issy' package via Node.js package managers such as npm, pnpm, or bun. While this is the core functionality of the skill, 'issy' is an external dependency.
  • [COMMAND_EXECUTION]: The agent is instructed to execute various 'issy' CLI commands to list, read, create, and update issues. It also suggests using 'git' to commit changes to the issue tracker files.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by reading content from local markdown files. If an attacker can influence the content of these files (e.g., through a Pull Request), they could inject instructions that the agent might inadvertently follow.
      • Ingestion points: Markdown files stored in the '.issy/issues/' directory and the '.issy/on_close.md' hook file.
      • Boundary markers: Absent; there are no specified delimiters or instructions to prevent the agent from interpreting content within the issue files as commands.
      • Capability inventory: The agent has the ability to execute shell commands, install packages, and perform git operations.
      • Sanitization: Absent; the skill does not perform any validation or sanitization of the markdown file contents before they are read into the context.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 03:10 AM