report-bug

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes shell commands including cat, uname, and the GitHub CLI (gh) to gather system info and create repository issues.
  • [DATA_EXFILTRATION]: Transmits technical environment data and user-provided bug descriptions to the vendor's repository on GitHub. This is consistent with the skill's stated purpose.
  • [PROMPT_INJECTION]: The skill ingests untrusted user input and processes it within shell commands, presenting an indirect prompt injection surface.
      • Ingestion points: User input from bug report questions 1-6 in SKILL.md.
      • Boundary markers: No explicit delimiters are used to wrap user-provided text.
      • Capability inventory: Shell command execution via gh issue create in SKILL.md.
      • Sanitization: User input is not sanitized or escaped before being passed to the CLI tool.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 03:33 PM