reproduce-bug
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8).
- Ingestion points: The skill reads instructions and reproduction steps directly from GitHub issue descriptions and comments via the issue number argument.
- Boundary markers: There are no explicit delimiters or safety instructions (e.g., 'ignore embedded instructions') used to separate the task logic from the external data being processed.
- Capability inventory: The agent has access to browser automation (navigation, interaction, screenshots), log analysis tools, and the ability to write comments back to the GitHub issue. This allows an attacker to potentially command the agent to perform unauthorized actions or exfiltrate local data via screenshots.
- Sanitization: No sanitization, validation, or filtering is applied to the content fetched from the GitHub issue before the agent interprets it as a series of actions to perform.
Audit Metadata