frontend-bugfix
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to ingest and act upon untrusted external data, specifically test failure logs, stack traces, and code snippets.
  - Ingestion points: The workflow identifies 'error classification' and 'evidence quality' (stack traces, line numbers) as primary inputs (SKILL.md).
  - Capability inventory: The skill explicitly mentions a 'Confidence Scoring System' where scores above 80 result in 'Auto-execute' (自动执行). It also provides common commands for execution: `make test TARGET=frontend`, `make test TARGET=frontend MODE=coverage`, and `make qa`.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the provided workflow to protect against adversarial data.
  - Sanitization: No sanitization or validation of external content is described.
- Command Execution (HIGH): The skill provides templates for shell commands that interact with the local build system (`make`). Combined with the auto-execution logic described in the scoring system, this provides a direct path for executing commands influenced by potentially malicious test output.
Recommendations
- AI detected serious security threats