rtk-triage
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it ingests and processes untrusted data from GitHub issue and pull request bodies.
- Ingestion points: The skill uses
gh issue listandgh pr listin Phase 1 to fetch thebodyfield of issues and PRs. - Boundary markers: Absent; there are no explicit instructions to the AI to ignore instructions found within the fetched text.
- Capability inventory:
Bash(used for GitHub CLI commands),Write(used for saving reports toclaudedocs/), andReadacross the workspace. - Sanitization: Absent; the data is analyzed as-is for the purpose of categorization and cross-referencing.
- [COMMAND_EXECUTION]: The skill uses the
Bashtool to execute standardgh(GitHub CLI) commands for repository data collection. This is routine behavior for a triage automation skill. - [SAFE]: No obfuscation, persistence mechanisms, or credential harvesting patterns were detected. All external operations are performed via the GitHub CLI, and the output is stored locally in the workspace. The skill author 'rtk-ai' uses consistent naming conventions for the skill and its generated documentation.
Audit Metadata