triage-agent
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted content from issue trackers (titles, descriptions, and comments) to perform triage and routing. This creates a surface for indirect prompt injection where malicious instructions in a ticket could influence the agent's classification or guidance.\n
- Ingestion points: Reads parent issue titles, descriptions, and existing comments from the issue tracker.\n
- Boundary markers: Uses specific JSON blocks within HTML comments () to structure context and separate it from unstructured ticket text.\n
- Capability inventory: Uses MCP tools to read from and write updates or comments to the configured issue tracker.\n
- Sanitization: No explicit sanitization or filtering of external input text is performed before it is used in triage decision heuristics.\n- [COMMAND_EXECUTION]: The skill interacts with the local filesystem by reading and potentially creating a configuration file (/orchestra-config.json) at the repository root to determine its operating context and tool selection.
Audit Metadata