bug-history-summarizer
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell-level
gitcommands, such asgit blame,git bisect, andgit show, using external inputs like file paths and commit hashes. This pattern presents a potential command injection risk if the agent interpolates these parameters into a shell without proper sanitization. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its ingestion of external repository data. 1. Ingestion points: The agent reads repository source files, commit messages, and issue reports. 2. Boundary markers: No delimiters or specific instructions are provided to distinguish untrusted external data from the agent's core instructions. 3. Capability inventory: The workflow requires the agent to perform file system analysis and execute subprocesses based on ingested content. 4. Sanitization: The instructions do not include steps to sanitize or escape data retrieved from the repository before processing or reporting.
Audit Metadata