Skills
skills/udecode/plate/report-bug-ce/Gen Agent Trust Hub

report-bug-ce

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes standard system discovery commands, such as uname -a and CLI version flags (e.g., claude --version), to gather technical environment metadata for the bug report. These are non-privileged commands used appropriately for troubleshooting.- [DATA_EXFILTRATION]: Environment metadata and user-provided bug descriptions are transmitted to the EveryInc/compound-engineering-plugin repository on GitHub. This data transfer is the intended primary function of the skill and targets a repository consistent with the plugin's name.- [PROMPT_INJECTION]: The skill processes untrusted user input from questions regarding bug behavior and error messages to populate the final report. This represents a surface for indirect prompt injection; however, the structured nature of the report and the specific context of bug reporting minimize the associated risk.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 27, 2026, 05:26 PM