fix-logs
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Persistence Mechanisms] (HIGH): The skill workflow explicitly modifies build and configuration files such as
package.json,Makefile, andpyproject.tomlto append shell commands (tee). This creates persistent modifications to the project's execution environment. - [Indirect Prompt Injection] (HIGH): The skill is vulnerable to instructions embedded in the user-provided issue. Evidence: 1. Ingestion points: The
$ARGUMENTSvariable in the Mission section. 2. Boundary markers: Absent. 3. Capability inventory: The skill can modify any file in the codebase and execute commands to 'generate logs' or 'test the fix'. 4. Sanitization: Absent. An attacker could craft an issue description that triggers malicious file modifications or command execution. - [Command Execution] (MEDIUM): The agent is instructed to run commands to generate logs and implement fixes. While intended for debugging, these capabilities are high-risk when paired with untrusted input without validation.
Recommendations
- AI detected serious security threats
Audit Metadata