analyze-ticket
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a logical classification system for project tickets. It calculates complexity scores based on the presence of technical keywords and labels to guide the agent's workflow depth.
- [COMMAND_EXECUTION]: While the skill mentions integration with commands like /resolve and /analyze-ticket, and recommends launching exploration agents or the 'Architect' skill, these are standard workflow orchestration patterns within the agent environment and do not involve arbitrary shell execution or system modification.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data (ticket titles, descriptions, and comments). There is a minor risk that an attacker could attempt to manipulate the complexity score by stuffing a ticket with specific keywords (e.g., repeatedly using 'quick-fix' to force a SIMPLE classification). However, since the output is used for internal workflow prioritization and doesn't trigger sensitive operations, the impact is negligible.
- [DATA_EXPOSURE]: The skill reads configuration from .claude/ticket-config.json. This is a standard practice for skill configuration and does not represent an exposure of sensitive user or system data.
Audit Metadata