skills/av/skills/bughunt/Gen Agent Trust Hub

bughunt

Warn

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains explicit instructions to override standard safety protocols regarding user confirmation. Phrases such as "This skill runs end-to-end without asking the user any questions," "Do not pause for confirmation, approval, or input," and "never block on user input" instruct the agent to bypass human oversight.
  • [COMMAND_EXECUTION]: The pipeline autonomously executes shell commands for directory creation (mkdir -p), linter checks, and syntax validation (bash -n, python -m py_compile, tsc --noEmit). While these specific commands are diagnostic, the autonomous nature of their execution coupled with the suppression of user approval increases risk.
  • [DATA_EXFILTRATION]: The skill is instructed to "Read the target files yourself" and "Compile findings into the report" which includes copying code snippets as evidence to an output directory. While localized, this involves wide-scale reading of potentially sensitive codebase content without explicit file-by-file user approval.
  • [INDIRECT_PROMPT_INJECTION]: The skill has a significant attack surface for indirect prompt injection. It reads arbitrary project code and passes it to subagents using the Agent tool. The provided subagent templates (You are bugbashing [project]... Read the file) lack boundary markers or instructions to ignore embedded commands, meaning malicious instructions within the analyzed codebase could influence the subagents' behavior, such as inducing them to generate malicious code edits.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 13, 2026, 10:45 PM
Security Audit — agent-trust-hub — bughunt