Skills
skills/ulpi-io/skills/bugfix-crate/Gen Agent Trust Hub

bugfix-crate

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data from an issues file and crate source code, creating a surface for indirect prompt injection.\n
  • Ingestion points: The $issues_file markdown and crate source files are read into the agent context in SKILL.md.\n
  • Boundary markers: Absent; no specific delimiters or instructions are used to distinguish external data from system prompts.\n
  • Capability inventory: The skill uses Bash, Write, and Edit tools as defined in SKILL.md.\n
  • Sanitization: Absent; content read from external files is not validated or filtered before processing.\n- [COMMAND_EXECUTION]: The skill executes shell commands using cargo test and cargo clippy via the Bash tool in SKILL.md.\n
  • This involves running code within the target crate, such as build scripts and procedural macros, which can execute arbitrary code if the crate source is malicious.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 1, 2026, 04:41 AM