bugfix-quick
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Prompt Injection] (HIGH): The skill is susceptible to Indirect Prompt Injection (Category 8) due to its core workflow of reading and acting upon untrusted external data. \n
- Ingestion points: Processes error descriptions, bug reports, and source code using Read, Grep, and Glob tools (SKILL.md). \n
- Boundary markers: Absent. The skill lacks delimiters or instructions to treat bug reports as data rather than instructions. \n
- Capability inventory: Grants Bash, Edit, and Write tools (SKILL.md frontmatter), allowing for arbitrary command execution and file modification. \n
- Sanitization: Absent. Input is used directly to define the fix and verification steps. \n- [Command Execution] (MEDIUM): The explicit permission for the Bash tool allows for the execution of arbitrary shell commands. While intended for TDD, this capability provides a direct execution vector for any instructions injected through the bug report input.
Recommendations
- AI detected serious security threats
Audit Metadata