skills/petekp/agent-skills/fixer/Gen Agent Trust Hub

fixer

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection via untrusted project data.
      • Ingestion points: The triage protocol in SKILL.md reads git log, git diff, README.md, CLAUDE.md, and package.json to establish 'ground truth'.
      • Boundary markers: Absent. The agent is not instructed to use delimiters or ignore instructions found within these files.
      • Capability inventory: The agent has the capability to execute shell commands (git, build tools, linting) and modify the filesystem (e.g., git checkout <commit> -- <file>).
      • Sanitization: Absent. The agent does not sanitize file contents or command arguments before execution.
  • [COMMAND_EXECUTION] (HIGH): In SKILL.md, the instruction to 'Run whatever build/lint command the project uses' represents a significant risk. If a project has a malicious build script defined in package.json or a Makefile, the agent will execute it automatically during triage.
  • [DATA_EXFILTRATION] (LOW): No direct exfiltration (network calls) was found, but the protocol reads the entire git log and git diff into the model context, which could expose sensitive information to the model provider.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 08:22 AM