bug-fix-expert
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements strong input validation for the Bug-ID using the regex `^[A-Za-z0-9_-]{1,64}$`, which effectively mitigates path traversal (`../`), command injection, and branch naming attacks.
- [SAFE]: It enforces strict environment isolation by requiring all sub-agents with write access to operate within independent git worktrees. This prevents cross-task interference and protects the main workspace.
- [SAFE]: The skill uses structured communication delimiters (`===== AGENT_COMPLETION_BEACON =====` and `===== END_BEACON =====`) and instructs the master agent to ignore any content following the end marker, providing a defense against indirect prompt injection from sub-agent outputs.
- [SAFE]: Local security is prioritized by creating worktrees in `$TMPDIR` (which is user-private on macOS) and applying `umask 077` to ensure that temporary source code and build artifacts are not readable by other users on the system.
- [SAFE]: Data exfiltration is mitigated by disabling git push capabilities (`remote set-url --push origin PUSH_DISABLED`) within the temporary worktrees and mandating the use of mock data for testing instead of real credentials.
- [SAFE]: The workflow incorporates an independent review role that is isolated from the fixer role, ensuring that all code changes are verified by a separate agent before being merged.
Audit Metadata