bug-analyze
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE (PROMPT_INJECTION, NO_CODE)
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core functionality of processing external data.
  - Ingestion points: Reads content from GitHub Issues labeled as 'bug'.
  - Boundary markers: No delimiters or explicit instructions are provided to the agent to ignore potentially malicious commands embedded within the issue description.
  - Capability inventory: The agent has the capability to modify source code (up to 20 lines), create new git branches, and submit Pull Requests.
  - Sanitization: There is no evidence of input validation or sanitization to prevent the agent from being manipulated by a specially crafted GitHub issue.
- [NO_CODE]: The analyzed skill consists entirely of markdown documentation and YAML metadata. No executable scripts, binaries, or configuration files containing code were provided for analysis.
Audit Metadata