architect-agent
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill possesses a surface for indirect prompt injection because it ingests data from external issue trackers which may contain instructions intended to manipulate the agent's behavior.
- Ingestion points:
Procedurestep 2 specifies reading the parent issue context, including summary, description, and comments from the tracker. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are defined for the issue tracker data.
- Capability inventory: The skill uses an
issue_trackerMCP to create subtasks, update issue statuses, and add summary comments. - Sanitization: No sanitization or validation of the ingested issue data is described in the procedure.
Audit Metadata