bug-fix
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool for running verification steps like type checks, tests, and builds. This is a legitimate and expected use of the tool within a developer-focused bug-fixing workflow.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external, untrusted data in the form of bug reports, error messages, and stack traces. While this presents a potential surface for indirect prompt injection, the skill includes significant mitigations: it requires a structured reasoning process (sequential-thinking) and mandates explicit user selection of a fix option before any Edit or Bash commands are executed.
- [SAFE]: No signs of obfuscation, data exfiltration, hardcoded credentials, or unauthorized remote code execution were found. The skill operates on local files using standard agent capabilities.
Audit Metadata