backlog-management
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is authored by PrefectHQ and focuses on managing its own public repository (PrefectHQ/prefect). All commands and target resources are consistent with the vendor's legitimate operations.
- [SAFE]: The skill enforces a 'read-only' default mode, requiring explicit user approval before any edits or labels are applied to the repository. This human-in-the-loop constraint effectively prevents autonomous or accidental destructive actions.
- [SAFE]: Command usage is limited to the official GitHub CLI (
gh) for listing issues and labels. These are non-privileged operations that do not involve downloading or executing untrusted code. - [PROMPT_INJECTION]: The skill ingests untrusted data from GitHub issue descriptions and comments (Category 8: Indirect Prompt Injection surface).
- Ingestion points: Untrusted data enters the agent context via
gh issue listin SKILL.md. - Boundary markers: No explicit delimiter strings are defined, but the multi-pass review process serves as a functional boundary.
- Capability inventory: Capabilities are restricted to issue classification and labeling; no access to sensitive system files or arbitrary network operations is present.
- Sanitization: The skill uses predefined templates for comments, ensuring the agent's output is structured and safe regardless of input content.
Audit Metadata