Skills
skills/blueif16/amazing-claude-code-plugins/fix-engine/Gen Agent Trust Hub

fix-engine

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill executes shell-level commands (git add and git commit) with dynamically generated content. If the agent's summary or section variables are derived from untrusted project files without proper escaping, it could lead to unintended command interpretation in the shell environment.\n- [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it relies on external, potentially attacker-controlled requirement files (.task/mini-prd.md) to drive its internal logic.\n
  • Ingestion points: Processes .task/mini-prd.md to generate task instructions and checklists.\n
  • Boundary markers: None; the skill does not use delimiters or instructions to prevent the agent from obeying embedded commands within the PRD content.\n
  • Capability inventory: File system modification, shell command execution (Git), and orchestration of sub-agents with implementation capabilities.\n
  • Sanitization: No input validation or sanitization is performed on the data read from the project files before it influences the agent's orchestration logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 21, 2026, 08:22 AM