fixbug
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill inherently performs dynamic code execution as part of its core functionality.
- Evidence: Steps 6.1 through 6.3 involve writing regression tests and running the project's full test suite to verify fixes. Additionally, Step 4 instructs a sub-agent to reproduce the bug, which typically requires executing project code.
- Context: This behavior is expected for a TDD-based debugging tool, but users should be aware that running tests on untrusted codebases could trigger malicious side effects if the project itself is compromised.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through external data ingestion.
- Ingestion points: Step 1 accepts bug descriptions from prompt text, external files (e.g., @issues/bug-123.md), and the current conversation context (review reports).
- Boundary markers: The skill does not implement explicit delimiters or "ignore instructions" warnings when passing these inputs to the sub-agent in Step 4.
- Capability inventory: The agent has permissions to read/write files, execute shell commands (test suites), and perform git commits.
- Sanitization: No sanitization or validation of the input bug reports is described before processing.
- Risk: A maliciously crafted bug report could attempt to influence the sub-agent's diagnosis or the final code fix instructions.
Audit Metadata