bug-detective
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it is designed to ingest and analyze external code and error messages which could contain malicious instructions.
  - Ingestion points: Source code files and error descriptions retrieved via the Read tool and the mcp__julie navigation tools.
  - Boundary markers: Absent; the workflow does not provide specific delimiters or instructions to the agent to disregard natural language instructions that might be embedded in the code or logs being investigated.
  - Capability inventory: The skill is granted access to high-privilege tools including Bash, Write, Edit, and Read.
  - Sanitization: None; the skill processes data from the environment as-is to facilitate debugging.
- [COMMAND_EXECUTION]: The workflow explicitly instructs the agent to use the Bash tool to reproduce bugs and run test suites. This is a primary function of the skill and is used within the context of a methodical debugging process.
- [SAFE]: No obfuscation, hidden URLs, or unauthorized data exfiltration patterns were detected. The use of specialized MCP tools (mcp__sherpa, mcp__julie, mcp__goldfish) represents a standard integration for structured agentic workflows.
Audit Metadata