skills/sd0xdev/sd0x-dev-flow/bug-fix/Gen Agent Trust Hub

bug-fix

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection.
    • Ingestion points: Untrusted data enters the agent context via the gh issue view <number> command in Phase 1 (SKILL.md).
    • Boundary markers: There are no explicit delimiters or instructions provided to the agent to isolate or ignore potentially malicious instructions embedded within the GitHub issue content.
    • Capability inventory: The skill has access to powerful tools including Edit, Write, and Bash (SKILL.md), which could be misused if the agent obeys instructions hidden in an issue.
    • Sanitization: There is no mention of sanitizing, escaping, or validating the external content before it is processed by the agent. While the skill explicitly prohibits git commit/push operations, reducing the risk of unauthorized code changes being persisted, the agent could still be manipulated into performing unintended local actions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 27, 2026, 01:12 AM