youtrack
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs authorized API interactions for YouTrack management using standard Python libraries.
- [DATA_EXPOSURE]: Authentication tokens are stored in
~/.config/youtrack/config.jsonwith file permissions set to0o600viaos.chmod, protecting sensitive data from unauthorized local access. - [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from remote YouTrack issues. It follows best practices by instructing the agent to treat this data as third-party content. Ingestion points:
scripts/youtrack_api.pyfetches issues and comments via GET requests. Boundary markers: Instruction-based warnings inSKILL.md. Capability inventory: REST API interactions with write permissions. Sanitization: Usage of instructional guardrails to prevent untrusted content from driving actions.
Audit Metadata