bruhs
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill creates a significant attack surface by ingesting content from external sources that can be controlled by third parties.
- Ingestion points: Linear ticket content (
yeet), Pull Request review comments (peep), and existing project codebases (claim,slop). - Boundary markers: No delimiters or instructions to ignore embedded commands are present in the provided orchestrator (
SKILL.md). - Capability inventory: Based on descriptions, the skill has broad permissions including filesystem writes, Git operations (commit, push, merge), and external API interactions.
- Sanitization: There is no evidence of sanitization or schema validation for data retrieved from external dev tools.
- Command Execution (HIGH): The commands
spawnandcooktypically require executing shell commands, package managers, and build toolchains. The implementation for these sensitive operations is located in external files (commands/*.md) that were not provided, representing an unverified execution risk. - Metadata Poisoning (MEDIUM): The use of informal and misleading terminology ('yeet', 'slop', 'bruhs') for critical operations like shipping code and merging PRs can lead to user confusion regarding the security implications and finality of the agent's actions.
Recommendations
- AI detected serious security threats
Audit Metadata