track-issue-flow
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): High susceptibility to Indirect Prompt Injection. \n
- Ingestion points:
track show <issue-id>inSKILL.mdreads issue details and notes from an external source.\n - Boundary markers: None are specified to delimit issue content from agent instructions.\n
- Capability inventory: Includes
trackstate mutation commands and direct file system write access for implementing code changes.\n - Sanitization: No sanitization or filtering of issue content is performed before processing.\n- [COMMAND_EXECUTION] (LOW): Operational reliance on the local
trackCLI for issue management.
Recommendations
- AI detected serious security threats
Audit Metadata