incident-response
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted bug reports that could contain malicious instructions. 1. Ingestion points: The argument passed via $ARGUMENTS in SKILL.md. 2. Boundary markers: Absent; the input is not delimited to prevent the agent from obeying embedded instructions. 3. Capability inventory: The skill can create git branches, execute the /fix command to modify code, and read sensitive state such as log entries and database records. 4. Sanitization: Absent; the skill does not perform validation or escaping of the input.
- [COMMAND_EXECUTION]: The skill uses shell command substitution ($(date +%Y%m%d-%H%M)) to dynamically generate branch names, indicating that the agent environment executes strings in a shell context.
Audit Metadata