reproduce-bug
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from external sources and uses it to drive agent behavior.
- Ingestion points: The skill reads GitHub issue descriptions and comments based on the provided issue number ($ARGUMENTS) in SKILL.md.
- Boundary markers: No boundary markers or 'ignore' instructions are present to prevent the agent from following malicious instructions embedded in the issue text.
- Capability inventory: The agent uses Playwright-based browser automation tools via mcp__plugin_compound-engineering_pw (navigate, click, type, screenshot) and log investigation agents.
- Sanitization: There is no sanitization or validation of the fetched issue content before it is used to guide reproduction steps.
Audit Metadata