bounty-hunter-starter

Warn

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill implements a custom rule-based workflow where execution logic is defined as embedded Python snippets within YAML files (e.g., rules/evidence_first_rules.yaml, rules/task_freeze_rules.yaml). These snippets perform operations such as state transitions, file writes, and subagent spawning at runtime.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests and processes task data that can be influenced by external actors (e.g., via GitHub issue descriptions).
      • Ingestion points: The skill reads task.description and task.blocker_details within the action blocks of rules/model_routing_rules.yaml and rules/task_freeze_rules.yaml.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the rule evaluation logic.
      • Capability inventory: The skill utilizes spawn_subagent, write_to_file, append_to_file, and save_to_file commands across its YAML rule definitions to manage task state and memory.
      • Sanitization: No sanitization or filtering of external input is observed before it is used in conditional logic or logged to memory files.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 20, 2026, 06:39 AM