bisect-ssa-pass
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- UNVERIFIABLE_DEPENDENCIES (MEDIUM): The skill references several local shell scripts (split-ssa-passes.sh, clean-ssa-files.sh, bisect-ssa.sh) that are not provided, preventing verification of their behavior.
- INDIRECT_PROMPT_INJECTION (HIGH): The workflow directs the agent to transfer data from untrusted compiler output (SSA files) into sensitive Rust source files. Ingestion points: Files in the ssa_passes/ directory. Boundary markers: Absent; instructions direct raw copying of content. Capability inventory: Bash and Write permissions allow for arbitrary file modification and command execution. Sanitization: None; no validation ensures the SSA content does not contain malicious code intended to escape Rust test strings.
- COMMAND_EXECUTION (MEDIUM): The skill performs build operations (cargo build) and executes the resulting binary (noir-ssa), which can be influenced by the files processed during the bisection process.
Recommendations
- AI detected serious security threats
Audit Metadata