Skills
skills/ratacat/claude-skills/report-bug/Gen Agent Trust Hub

report-bug

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [Command Execution] (SAFE): The skill executes standard system commands ('uname', 'claude --version') to gather environmental context required for a technical bug report. It also invokes 'gh' (GitHub CLI) to automate issue creation.
  • [Data Exposure & Exfiltration] (SAFE): The skill reads from '~/.claude/plugins/installed_plugins.json' to extract version information and sends gathered data to a specific GitHub repository. This is targeted and matches the primary intended purpose of the skill.
  • [Indirect Prompt Injection] (SAFE): The skill ingests untrusted user input to populate the bug report. Evidence: 1. Ingestion points: User answers in Step 1. 2. Boundary markers: Absent (uses markdown headers). 3. Capability inventory: Shell execution ('gh', 'cat'). 4. Sanitization: Absent. This surface is expected for bug reporting and the execution environment typically handles argument escaping.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 04:11 PM