backlog
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Risk of indirect prompt injection via external GitHub issue content.
- Ingestion points: The skill fetches issue titles, labels, and bodies from GitHub using the `gh issue list` command in `SKILL.md`.
- Boundary markers: No delimiters or explicit instructions are used to separate issue content from agent instructions.
- Capability inventory: The skill computes statistics, identifies staleness, and invokes the `/issue lint` command.
- Sanitization: The fetched data is processed directly for readiness scoring and reports without validation or filtering of potential embedded instructions.
Audit Metadata