dispatch
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill has a risk of indirect prompt injection because it reads and processes external content from GitHub Issues and Pull Requests.\n
- Ingestion points: GitHub Issue titles and bodies are read during the triage and implementation phases (SKILL.md), and Pull Request content is read during the review phase (SKILL.md).\n
- Boundary markers: The instructions do not define clear delimiters or specific instructions for sub-agents to ignore potentially malicious embedded content when receiving issue or PR data.\n
- Capability inventory: The skill utilizes Bash, Write, and Edit tools (SKILL.md), which allow for significant filesystem and command-line access if an agent is successfully manipulated via injection.\n
- Sanitization: There is no mention of sanitizing, escaping, or validating the external content before it is passed to the AI for processing.\n- [COMMAND_EXECUTION]: The skill permits the use of the Bash tool for implementation and triage tasks. While this is necessary for its core functionality, it represents a capability that could be abused if the agent is compromised through malicious input in GitHub content.
Audit Metadata