bug-reporting
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The scripts directory contains several Python wrappers (e.g., convert_to_csv.py, parse_json.py) that use subprocess.call to execute the core conversion logic in convert_formats.py or parse_formats.py. These calls use the list-based argument format and sys.executable, which prevents shell injection while allowing the scripts to function as a modular toolset.
- [PROMPT_INJECTION]: The skill is designed to process untrusted external data such as bug descriptions, logs, and various file formats, creating a surface for indirect prompt injection.
  - Ingestion points: User input for bug descriptions and files processed by scripts in the scripts/ directory.
  - Boundary markers: The prompt uses markdown headers to separate report sections as defined in prompts/bug-reporting.md.
  - Capability inventory: Local script execution via subprocess for data conversion is present in the helper scripts.
  - Sanitization: Input is handled using standard Python parsing libraries.
Audit Metadata