investigate-bug
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted data during bug investigations.\n
- Ingestion points: External data enters the agent context through the
$ARGUMENTSvariable and the process of 'gathering symptoms'.\n - Boundary markers: There are no boundary markers or instructions to disregard embedded commands in the ingested data.\n
- Capability inventory: The skill describes invoking a 'consultant CLI' to perform root cause analysis and state analysis.\n
- Sanitization: There is no mention of input sanitization or validation for the data gathered from external sources.\n- [COMMAND_EXECUTION]: The skill explicitly instructs the agent to 'invoke the consultant CLI', which indicates the execution of local system commands as part of the primary workflow.
Audit Metadata