fix-bug

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: Analysis of the skill instructions and referenced templates shows no evidence of malicious intent, data exfiltration to unauthorized parties, or unsafe code execution.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to automate standard development tasks, including Git branch management, running test suites, and interacting with the GitHub CLI (gh). These operations are restricted to the local repository and the user's configured GitHub environment.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to its interaction with external ticket data and user-provided bug descriptions.
      • Ingestion points: Extracts task IDs and bug context from user prompts or task management systems.
      • Boundary markers: No specific delimiters (like triple quotes or XML tags) are mandated for the external data used in branch names or PR titles.
      • Capability inventory: The agent can modify files, execute bash commands, and perform network operations through authorized CLI tools (gh).
      • Sanitization: The instructions require the agent to normalize input into specific formats (kebab-case for names and display ID extraction for tickets), which mitigates the risk of characters typically used in shell injection attacks.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 12:50 AM