bugbash
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the agent to execute arbitrary build and startup commands associated with the target project, such as npm run build, docker-compose up, or cargo build. This provides the agent with broad capability to execute shell commands within the local environment based on the specific software project being analyzed.
- [PROMPT_INJECTION]: The skill systematically ingests and processes data from external, potentially untrusted sources, including CLI help menus, API schemas, and runtime logs. This creates an indirect prompt injection surface where malicious instructions embedded in the target software's output could attempt to manipulate the agent's behavior.
- Ingestion points: Target help menus ({TARGET} --help), API schemas, module exports, and runtime process logs (stdout/stderr).
- Boundary markers: Absent. There are no instructions to delimit or treat the ingested target data as untrusted.
- Capability inventory: Extensive shell command execution (building, running, and testing software) and file system writes.
- Sanitization: Absent. The agent captures and records raw evidence directly into reports without validation or filtering.
Audit Metadata