report-bug
Warn
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell commands to collect system information, including `cat` on plugin configuration files, `claude --version`, and `uname -a`. It also uses the `gh` CLI to perform network operations.
- [REMOTE_CODE_EXECUTION]: The skill is vulnerable to command injection because it interpolates untrusted user input collected in Step 1 (bug description, error messages) directly into the arguments of the `gh issue create` command in Step 4. An attacker could use shell metacharacters in the bug report to execute arbitrary code on the host machine.
- [PROMPT_INJECTION]: The skill exhibits vulnerability to indirect prompt injection through its data ingestion and processing flow.
  - Ingestion points: User input is collected via the AskUserQuestion tool in Step 1 for various bug report fields.
  - Boundary markers: No boundary markers or instructions to ignore embedded commands are present in the command templates.
  - Capability inventory: The skill has the capability to read local files (Step 2) and execute shell commands with network access (Step 4).
  - Sanitization: There is no evidence of sanitization, escaping, or validation of user-provided strings before they are interpolated into shell commands.
Audit Metadata