bug-reproduction-validator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is highly susceptible to indirect prompt injection as it is designed to follow reproduction steps provided in untrusted user bug reports. 1. Ingestion points: User-provided bug reports and issue descriptions (SKILL.md). 2. Boundary markers: Absent. There are no instructions to isolate user input or treat it as passive data. 3. Capability inventory: File exploration, database state examination, log reading, and generic execution of reproduction steps across the environment. 4. Sanitization: Absent. The agent is explicitly told to identify and execute the exact steps from the report.
- Dynamic Execution (LOW): The skill generates and executes reproduction scripts and test cases dynamically. While this is the intended primary purpose, it presents an execution vector for instructions found in malicious bug reports.
- COMMAND_EXECUTION (LOW): The agent uses command-line tools like agent-browser and interacts with system logs and databases to validate issues, which are privileged operations performed on the basis of external input.
Audit Metadata