Gen Agent Trust Hub audit: ubs-bug-scan (skills/lev-os/agents/ubs-bug-scan)

Verdict: Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires installing the 'ubs' binary from the third-party Homebrew tap 'dicklesworthstone/tap/ubs'. This introduces an external dependency from a source outside the verified trusted vendors list.
  • [COMMAND_EXECUTION]: The skill executes the 'ubs' binary with access to the local filesystem (e.g., 'ubs .', 'ubs --staged'). It also utilizes shell pipes and 'jq' to process findings, which involves executing code based on the tool's output.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection:
      - Ingestion points: As invoked in 'SKILL.md', the 'ubs' tool scans project source code and configuration files, so any text in those files reaches the agent through the findings.
      - Boundary markers: The skill uses JSON formatting for machine-parseable output, but lacks explicit boundary markers or instructions telling the agent to ignore commands embedded in the scanned code.
      - Capability inventory: The agent is granted 'Bash' access and is explicitly instructed in 'SKILL.md' to 'Fix findings' in the source code.
      - Sanitization: No sanitization is performed on the results returned by 'ubs' before the agent processes them.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: Mar 1, 2026, 09:43 AM