tasks-bug-diagnosis
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): Vulnerability to Indirect Prompt Injection.
  * Ingestion points: External data enters the context in Phase 1 via the 'Reported Behavior', 'Error Message', and 'Stack Trace' fields.
  * Boundary markers: None are defined to separate untrusted data from the agent's instruction set.
  * Capability inventory: The skill uses high-privilege tools including 'Bash', 'Write', and 'Edit'.
  * Sanitization: There is no logic provided to sanitize or validate external content. An attacker could embed instructions in a stack trace to hijack the agent's workflow.
- [COMMAND_EXECUTION] (MEDIUM): Potential for shell command injection.
  * Evidence: Phase 2 uses the 'Bash' tool to execute 'grep' commands using variables like '{ClassName}' and '{EntityName}'.
  * Context: These variables are derived from the 'Bug Report Analysis'. If the agent populates these fields with unsanitized data from a malicious bug report, it could lead to arbitrary command execution via shell metacharacters.
Recommendations
- AI detected serious security threats
Audit Metadata