spec-test-bug
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface (Category 8) because it processes untrusted external data such as error logs and user-provided reproduction steps.
- Ingestion points: The skill ingests data from external sources including user-provided logs, bug descriptions, and project memory files (
project/memory/*.md). - Boundary markers: The skill lacks explicit delimiters or boundary instructions to isolate ingested log content, which could allow malicious instructions embedded in a log to influence the agent's behavior during report generation.
- Capability inventory: The skill is designed to read existing files and generate content intended to update report files (
verification/report-*.md). - Sanitization: The instructions explicitly require de-identifying sensitive information in logs, but there is no mechanism to sanitize the content for potential injection attacks.
Audit Metadata