Skills
skills/peteonrails/voxtype/triage/Gen Agent Trust Hub

triage

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill possesses a surface for indirect prompt injection by processing untrusted data from external sources.
  • Ingestion points: The workflow uses gh issue view, gh pr view, and gh search issues to fetch titles and bodies from GitHub, which are controlled by external users (SKILL.md).
  • Boundary markers: Absent. There are no instructions or delimiters (e.g., XML tags or triple quotes) used to isolate the untrusted issue/PR content from the agent's instructions.
  • Capability inventory: The skill allows Bash execution (restricted to read-only gh subcommands), and file system access via Read, Glob, and Grep (SKILL.md).
  • Sanitization: Absent. The agent is instructed to extract keywords and analyze the content directly, which could lead to the agent following malicious instructions embedded in an issue body.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:22 PM