bug-report-gen
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Comprehensive analysis of the skill's instructions, rule files, and workflow revealed no malicious patterns. The skill is designed for standardizing defect reporting for QA engineers.
- [PROMPT_INJECTION]: The skill ingests untrusted user input to draft or normalize bug reports. This creates an indirect prompt injection surface; however, the risk is mitigated by the skill's design, which uses strict schema mapping and normalization (Mode D) rather than direct execution of user-provided content.
- [COMMAND_EXECUTION]: The skill performs file-write operations to save generated reports. These operations are restricted to a specific output path (templates/bug-report-gen/output/) and use slugified filenames, which prevents path traversal and is consistent with the skill's functional purpose.
Audit Metadata