bug-fix
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted bug descriptions provided via the
$ARGvariable to perform downstream actions. - Ingestion points: The skill accepts external bug descriptions through the
$ARGvariable in bothSKILL.mdandreferences/commands/bug-fix.md. - Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat the input as data only or to ignore embedded instructions within the bug description.
- Capability inventory: The agent is authorized to perform side-effect operations including
git commit,git push, andgithub create issue/PRbased on the context of the bug. - Sanitization: No sanitization, escaping, or validation logic is defined to prevent a malicious bug description from influencing the agent's behavior during Git or GitHub operations.
Audit Metadata