skills/xpepper/plan-feature-from-youtrack-agent-skill/plan-feature-from-youtrack/Gen Agent Trust Hub
plan-feature-from-youtrack
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands via the
ytCLI using a user-supplied<card-id>(e.g.,yt issues show <card-id>). While the intended usage involves alphanumeric issue IDs, a lack of explicit validation on the identifier string could potentially allow for command injection if the agent environment does not properly escape the input. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes external data that could contain malicious instructions.
- Ingestion points: Ingests issue descriptions, comments, and metadata from YouTrack via the
ytCLI tool in Step 2. - Boundary markers: Absent. The skill does not define specific delimiters or instructions for the agent to ignore potentially malicious embedded content within the fetched YouTrack data.
- Capability inventory: The skill has the ability to execute shell commands (
yt) and write Markdown files to the local working directory. - Sanitization: Absent. There is no mention of sanitizing or validating the text content retrieved from YouTrack before it is used to ground the generation of specs and plans.
Audit Metadata