find-bugs
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE (PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION]: The skill's core functionality involves analyzing external code and diffs, which constitutes an indirect prompt injection surface where malicious instructions could be embedded in the reviewed code.
- Ingestion points: Code changes are read using git and gh commands in Step 1.
- Boundary markers: The skill does not explicitly use delimiters to separate ingested code from its internal logic.
- Capability inventory: The skill executes git and GitHub CLI tools to retrieve data.
- Sanitization: No sanitization or escaping of the ingested code content is specified.
- [SAFE]: The skill is designed for security auditing and bug hunting, uses standard CLI tools for its operations, and does not contain hardcoded secrets, obfuscation, or remote code execution patterns.