skills/vieko/bonfire/bonfire-review/Gen Agent Trust Hub

bonfire-review

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (HIGH): Vulnerable to Indirect Prompt Injection through untrusted code and session data.
      • Ingestion points: Reads git diff output and .bonfire/index.md content to build the review context.
      • Boundary markers: Uses markdown headers (e.g., **Files changed**:) which are insufficient to prevent an attacker from embedding instructions within code comments that the agent might follow.
      • Capability inventory: Has Write access to the filesystem (to fix findings) and Bash access to gh and linear tools to create external issues.
      • Sanitization: No evidence of escaping or filtering untrusted content before it is interpolated into the subagent prompt.
  • COMMAND_EXECUTION (MEDIUM): Executes shell commands with data derived from untrusted sources.
      • Evidence: The skill uses gh issue create and linear issue create using titles and descriptions generated from the review findings.
      • Risk: If the review process is compromised via prompt injection, an attacker could manipulate the arguments of these CLI commands to perform unintended actions in the user's GitHub or Linear environments.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 01:25 AM