fix-bug
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its design, which requires ingesting untrusted data (logs, error messages, and sample files) as part of Phase 0. While no active exploitation is present, the process allows external content to enter the agent's context without explicit isolation.
- Ingestion points: External logs, stack traces, and input data described in Phase 0.
- Boundary markers: Absent; the skill does not define specific delimiters to differentiate external data from its own instructions.
- Capability inventory: The skill allows for business code modification (Phase 6) and automated test execution (Phase 7).
- Sanitization: Absent; there are no instructions for sanitizing or escaping the data before it is processed. This surface risk is inherent to the bug-fixing use case and is mitigated by the skill's requirement for manual and automated validation of all fixes.
Audit Metadata