dev-debug
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The main orchestrator executes shell commands returned by subagents to verify bug fixes. Evidence: Bash("[test command from subagent report]") in SKILL.md. This creates a risk if a subagent is influenced by malicious data to provide a harmful command.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because subagents ingest untrusted project data without sanitization.
  - Ingestion points: Subagents read project files and logs.
  - Boundary markers: Subagents use structured reports but lack explicit delimiters for external content.
  - Capability inventory: Subagents have Bash and Write access.
  - Sanitization: No validation of subagent-generated commands.