review-bug-fixer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): Indirect Prompt Injection vulnerability through untrusted review data.\n
- Ingestion points: The skill reads and processes arbitrary user-provided markdown files (e.g.,
review1.md,review2.md).\n - Boundary markers: Absent. There are no instructions or delimiters used to isolate the content of these files from the agent's execution instructions.\n
- Capability inventory: The skill is authorized to read source files and apply code modifications (edits/writes) to the current branch.\n
- Sanitization: Absent. The triage process relies on the LLM's reasoning to validate findings, making it susceptible to adversarial instructions embedded within the review markdown that could instruct the agent to introduce vulnerabilities or backdoors.
Audit Metadata