bonfire-strategic
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is susceptible to indirect prompt injection as it interpolates untrusted user arguments into instructions for subagents. Ingestion points: Arguments $1 and $2 in SKILL.md. Boundary markers: No delimiters or 'ignore embedded instructions' warnings are used when passing data to the Explore and general-purpose agents. Capability inventory: The skill uses Write, Bash(git:*), and Task tools, allowing for permanent filesystem changes. Sanitization: None observed.
- [COMMAND_EXECUTION] (MEDIUM): The skill uses the inline execution operator (!) to run git rev-parse automatically and enables the Bash tool for git operations, providing an execution surface that could be leveraged by an injection attack.
Recommendations
- AI detected serious security threats
Audit Metadata