buddy

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill automates complex development workflows by executing shell commands for Git operations (checkout, commit, push), linting (eslint), and testing (npm, jest). It includes a deployment script (scripts/install-skill.js) that performs recursive directory copies into multiple global AI agent configuration paths (e.g., .claude/skills, .gemini/skills), establishing the orchestrator across the user's AI tools. Additionally, the skill references and attempts to execute a local script (scripts/git-ops.js) which is missing from the provided files, preventing verification of its contents.
  • [PROMPT_INJECTION]: An indirect prompt injection surface is present because the skill processes untrusted data from Linear issues, project files, and web search results. This data is incorporated into prompts for specialized sub-agents without adequate sanitization or boundary delimiters to prevent embedded instructions from overriding agent behavior.
      ◦ Ingestion points: Linear API through MCP, local project files, and web search results via Brave Search MCP.
      ◦ Boundary markers: Prompt templates in the sub-agent skills lack explicit markers or instructions to ignore content within interpolated variables.
      ◦ Capability inventory: High-privilege actions including file modification and shell command execution.
      ◦ Sanitization: No evidence of validation or filtering is applied to external data before it is used to construct prompts for the Developer or Tester agents.
  • [CREDENTIALS_UNSAFE]: The Git Agent uses the git add -A command to stage all changes in the workspace. This practice creates a risk of accidentally committing sensitive files, such as .env files, SSH keys, or other local configuration secrets, if they are not specifically excluded by a .gitignore file.
  • [EXTERNAL_DOWNLOADS]: The skill documentation facilitates the integration of several MCP servers from trusted organizations (Anthropic) and well-known services (Browserbase) to handle external platform interactions and browser-based testing.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 10, 2026, 04:22 AM