bug-triage
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect prompt injection surface detected. The skill reads untrusted repository documentation (README.md, CONTRIBUTING.md) and user logs which could contain malicious instructions. Evidence: 1. Ingestion points: repo documentation and user logs in SKILL.md; 2. Boundary markers: Absent; 3. Capability inventory: Shell execution (bun, npm, pnpm, yarn, rg, git); 4. Sanitization: Absent.
- [COMMAND_EXECUTION] (LOW): The skill instructs the agent to execute build and test commands (bun build, npm lint, etc.) located within the repository. While necessary for the skill's primary purpose of bug reproduction, it results in the execution of code from potentially untrusted sources.
Audit Metadata