bug-hunt
Warn
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill provides numerous shell command templates in `SKILL.md` and `references/failure-categories.md` (e.g., `grep`, `find`, `git`, `ao lookup`, and `bd show`) that interpolate user-supplied parameters such as `<error-text>`, `<symptom-keywords>`, `<issue-id>`, and `<scope>`. Directly inserting unvalidated user input into shell strings without explicit escaping instructions creates a significant surface for command injection attacks.
- [PROMPT_INJECTION]: As a code auditing and bug investigation tool, the skill is designed to ingest and process untrusted data from the codebase and external logs. It lacks implementation of boundary markers (e.g., XML tags or delimiters) or specific negative constraints to prevent the agent from following malicious instructions that might be embedded in the files or bug reports it analyzes (Indirect Prompt Injection).
- [DATA_EXFILTRATION]: The skill's instructions encourage broad recursive searches and deep exploration of git history. While intended for finding bugs, these patterns can be exploited by crafted prompts or injected data to locate and expose sensitive information, such as configuration files, environment settings, or hardcoded credentials, which could then be exfiltrated through the agent's output.