bug-hunter
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use shell commands such as tail -f logs/app.log and journalctl to monitor logs. This is consistent with its primary purpose of debugging software.
- [DATA_EXPOSURE]: There is a potential for exposure of sensitive data if application or system logs contain PII, credentials, or session tokens. This is a common characteristic of log-based debugging workflows.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from logs and bug reports, creating a surface for indirect prompt injection.
  - Ingestion points: Application logs (logs/app.log), system logs (journalctl), and browser console output.
  - Boundary markers: Absent; no specific delimiters are defined to separate untrusted log data from agent instructions.
  - Capability inventory: Shell command execution (tail, journalctl, git) and source code modification permissions.
  - Sanitization: Absent; the skill does not include steps to sanitize or validate external log content.
Audit Metadata