verify-fix
Warn
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill is designed to fetch content from an external, untrusted source (a GitHub issue body) and explicitly instructs the agent to "run the reproduction steps" extracted from that content. This behavior allows for the execution of arbitrary commands provided by a third party.
- [COMMAND_EXECUTION]: To perform its primary function of building products from source and reproducing bugs, the skill requires the agent to execute shell commands. Because these commands are derived from untrusted external data, running them poses a risk of unauthorized command execution.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. An attacker could craft a GitHub issue where the "reproduction steps" are actually instructions meant to hijack the agent's behavior, exfiltrate environment variables, or install persistent malware.
  - Ingestion points: GitHub Issue URL/ID provided as the primary argument (SKILL.md).
  - Boundary markers: None present; the agent is not instructed to treat the fetched content as untrusted or to ignore embedded commands.
  - Capability inventory: Full shell access is implied by the requirement to "build the product from source" and "run the reproduction steps."
  - Sanitization: No sanitization, validation, or human-in-the-loop verification is specified for the code or commands extracted from the external source.
Audit Metadata