skills/vieko/bonfire/bonfire-spec/Gen Agent Trust Hub

bonfire-spec

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection. It processes untrusted codebase files through the codebase-explorer subagent to generate documentation. If a file contains malicious instructions (e.g., within comments or documentation), the agent could be manipulated during the spec-writing phase. Evidence:
      1. Ingestion: Codebase files and git repository structure via explorer agent.
      2. Boundaries: None defined for separating data from instructions.
      3. Capability: Write tool (file modification) and Bash tool (system commands).
      4. Sanitization: Absent.
  • COMMAND_EXECUTION (MEDIUM): The skill utilizes the Bash tool restricted to git commands (git:*). While the scope is limited, it allows for modifications to the repository's state and history, which could be exploited if the agent is manipulated via prompt injection to run specific git sequences or configuration changes.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 04:40 AM