bug
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: User-provided input through the $ARGUMENTS variable is appended to the instruction set without the use of boundary markers or safety delimiters. This creates a surface for both direct and indirect prompt injection, allowing external content to potentially override the agent's behavior.
- [COMMAND_EXECUTION]: The skill grants the agent access to the Bash tool and explicitly instructs it to create and execute validation commands. This capability significantly increases the impact of a successful prompt injection, as the agent could be tricked into running malicious shell commands.
- [PROMPT_INJECTION]: Analysis of the indirect prompt injection vulnerability surface:
  - Ingestion points: The bug description argument processed in SKILL.md.
  - Boundary markers: Absent; the user-controlled input is not isolated from the instruction context.
  - Capability inventory: High-privilege access including Bash, Read, Write, Glob, and Grep tools.
  - Sanitization: No input validation, escaping, or filtering is performed on the provided bug description data.
Audit Metadata