Skills
skills/nymbo/skills/bug-triage/Gen Agent Trust Hub

bug-triage

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is designed to ingest and process untrusted external data, specifically bug reports, stack traces, and repository logs.
  • Ingestion points: Processes user-provided "Error text / stack trace / logs" and repository files like AGENTS.md and CONTRIBUTING.md (SKILL.md).
  • Boundary markers: No explicit delimiters or boundary markers are defined to separate untrusted data from the agent's instructions.
  • Capability inventory: The skill explicitly instructs the agent to execute shell commands (bun, npm, pnpm, yarn, rg, git bisect) and modify repository files to implement fixes (SKILL.md).
  • Sanitization: No sanitization or validation of the input data is performed.
  • Remote Code Execution / Command Execution (HIGH): The skill directs the agent to execute build, lint, and test scripts based on the contents of an untrusted repository. This allows for arbitrary code execution if the repository or the bug report contains malicious instructions hidden within build configurations or logs.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 05:05 AM