report-bug-issue

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform system environment checks and interact with the GitHub CLI.
      • It verifies authentication status using gh auth status.
      • It retrieves plugin version information from ~/.claude/plugins/installed_plugins.json and tool versions using claude --version.
      • It collects system metadata using uname -a.
      • It submits the final report to the vendor-owned repository VitaDynamics/vita-cc-market using gh issue create.
  • [PROMPT_INJECTION]: The skill implements an indirect prompt injection surface by incorporating user-provided text into a shell-executed command.
      • Ingestion points: User input is collected via multiple AskUserQuestion prompts in Step 2.
      • Boundary markers: The input is interpolated into a Markdown template which is then passed as a string variable to the gh command; no explicit escaping instructions are provided to the agent.
      • Capability inventory: The skill possesses the Bash capability, allowing for command execution.
      • Sanitization: No explicit sanitization or validation of the user-provided content is performed before it is included in the shell command body.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 08:18 AM