debug
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes unvalidated external data from bug reports and source files.\n- Ingestion points: Untrusted data enters the agent context via the AskUserQuestion tool (Step 1) and through file content retrieved by the Read and Grep tools (Step 4).\n- Boundary markers: The skill does not implement delimiters or specific instructions to isolate external data from the system's execution instructions.\n- Capability inventory: The workflow utilizes sensitive capabilities including Bash for git operations, Edit for modifying code, and Write for outputting research reports.\n- Sanitization: There is no explicit validation or sanitization of the content gathered from bug reports or source code before it is interpreted by the agent.
Audit Metadata