youtrack
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill integrates with YouTrack to read issues and articles, creating a surface for indirect prompt injection where malicious data could influence agent behavior.
- Ingestion points: Data enters through the YouTrack REST API when the agent lists issues or articles (referenced as
scripts/youtrack_api.py). - Boundary markers: No specific delimiters or instructions to ignore content within the data are provided to the agent.
- Capability inventory: The skill possesses capabilities to create issues, update issues, create articles, and generate invoices based on tracked time.
- Sanitization: The documentation does not specify any sanitization or validation of the retrieved data before processing.
- [NO_CODE]: The skill documentation references essential Python scripts (
scripts/youtrack_api.py,scripts/invoice_generator.py) required for its operations, but these files are missing from the analyzed skill package.
Audit Metadata