The Agent Skills Directory

[COMMAND_EXECUTION] (SAFE): The skill utilizes local shell commands including git and grep for its analysis workflow. This is standard behavior for a code investigation tool and uses the tools for their intended purposes.
[PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection through its ingestion of external data. 1. Ingestion points: Error logs, source code via grep, and git history (commit messages and author names). 2. Boundary markers: The skill does not use specific delimiters or instructions to isolate untrusted data from its primary instructions. 3. Capability inventory: The skill has the ability to execute shell commands, run developer tests, and update issue trackers using the bd CLI. 4. Sanitization: No sanitization or validation of the external input strings is performed before they are processed by the agent.

bug-hunt