triage
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is explicitly instructed to reproduce bugs by running tests or commands based on the reporter's steps found in issue bodies. This involves local shell execution, which, while intended for debugging, could be manipulated by adversarial input in the issue description.
- [PROMPT_INJECTION]: The skill has a significant surface for indirect prompt injection as it ingests and processes untrusted data from GitHub issue reports and comments.
  - Ingestion points: The agent reads the complete issue context, including body, comments, and labels from the issue tracker (SKILL.md).
  - Boundary markers: No specific delimiters or instructions to ignore embedded commands within the issue content are defined to protect the agent from being hijacked by malicious text in reports.
  - Capability inventory: The skill possesses the ability to execute arbitrary shell commands for reproduction, write new markdown files to the .out-of-scope/ directory, and post comments back to the issue tracker.
  - Sanitization: There is no evidence of input validation or sanitization of the issue content before it is used to inform command execution or triage logic.
Audit Metadata