bugfix-and-debug
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill leverages the Bash tool to execute standard development and testing commands such as composer, npm, git, and php artisan. While these are necessary for debugging, they provide a broad surface for command execution within the local environment.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. 1. Ingestion points: The agent is instructed to read application logs from storage/logs/laravel.log and project files using the Read and Grep tools. 2. Boundary markers: There are no instructions provided to use delimiters or ignore embedded instructions when processing external file content. 3. Capability inventory: The agent has the ability to execute system commands (Bash), edit files (Edit), and perform advanced analysis via MCP bridge tools. 4. Sanitization: The instructions do not include steps to validate or sanitize data ingested from logs or source files before processing.
Audit Metadata