fix
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is vulnerable to indirect prompt injection because it processes untrusted input from
bugs/pending.csvwithout sanitization. - Ingestion points:
bugs/pending.csvis read in Stage 1 and Stage 2 to analyze bug descriptions. - Boundary markers: Absent. The skill does not use specific delimiters or instructions to ignore potential commands embedded in bug titles or descriptions.
- Capability inventory: High-impact capabilities include rewriting source code (Stage 6), executing Playwright tests (Stage 7), and re-writing local CSV files (Stage 8).
- Sanitization: Absent. There is no evidence of filtering or validation of the CSV content before it is processed by the LLM.
- [Command Execution] (LOW): The skill explicitly performs automated code modification and runs Playwright. While these are high-privilege operations, they are consistent with the skill's primary stated purpose of automated bug fixing.
- [Data Exposure] (SAFE): The skill accesses local CSV files (
bugs/pending.csv,archived.csv), but does not demonstrate patterns of exfiltrating this data to external non-whitelisted domains.
Audit Metadata