fix-reporter

Pass

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill ingests untrusted user data and writes it to persistent storage for later processing by other agents (e.g., lessons-discoverer).
      • Ingestion points: Step 2 captures 'Symptom', 'Investigation attempts', and 'Root cause' directly from conversation.
      • Boundary markers: Uses Markdown sections (e.g., '# Symptoms') but lacks explicit 'ignore embedded instructions' warnings for content blocks.
      • Capability inventory: Has 'Write' access to the file system and 'Bash' for shell execution.
      • Sanitization: Filenames are sanitized in Step 4, but the actual content written in Step 6 is not sanitized for potential prompt injection or markdown escape sequences.
  • Command Execution (LOW): Step 3 instructs the agent to run grep -r "exact error phrase" .agents-os/lessons/. If the 'exact error phrase' (derived from user input) is not properly escaped by the agent, it could lead to command injection (e.g., a symptom containing shell metacharacters like $(command)).
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 18, 2026, 01:13 PM