issue-fixer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill processes untrusted external content (issue reports and bug descriptions) while possessing capabilities to modify files and execute commands. This creates a risk where malicious instructions in a bug report could lead to unauthorized code changes.
  - Ingestion points: `.issues/opening.md` and user-provided bug reports.
  - Capability inventory: Modifies source files and executes shell commands (`ruff`, `pytest`, `npm build`).
  - Boundary markers: No delimiters or explicit warnings to ignore embedded instructions are present.
  - Sanitization: No evidence of input validation or sanitization.
- Command Execution (MEDIUM): The skill executes local build and test commands (`python -m pyright`, `ruff`, `pytest`, `npm run build`). While these are standard development tools, they are executed on a codebase that the skill is actively modifying based on potentially untrusted external inputs.
- Remote Code Execution (LOW): While no direct remote downloads are seen, the skill's reliance on `npm run build` and `npm test` can trigger remote package fetching or execution if the `package.json` is modified.
Recommendations
- AI detected serious security threats