bug-hunter
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFENO_CODECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill is composed exclusively of markdown documentation and instructional content (README.md and SKILL.md) and does not bundle any scripts, binaries, or automated executable files.
- [SAFE]: All provided instructions and code examples represent standard debugging procedures, such as log monitoring, breakpoint usage, and unit testing, with no indicators of malicious intent or safety filter bypasses.
- [COMMAND_EXECUTION]: The skill provides templates for the agent to execute shell commands for system diagnostics, including tail for log inspection, journalctl for system service logs, and git bisect for identifying regressions.
- [PROMPT_INJECTION]: The debugging process involves a surface area for indirect prompt injection as it requires the agent to read and process external data that could be attacker-controlled. Ingestion points: Application logs (logs/app.log), system journal output (journalctl), database records, and browser console logs. Boundary markers: The instructions do not define specific delimiters to distinguish log data from agent instructions. Capability inventory: The agent has instructions to perform source code modifications and execute diagnostic shell commands. Sanitization: No explicit sanitization or validation steps are outlined for the data gathered during the evidence collection phase.
Audit Metadata