skills/bitbonsai/mcpvault/triage/Gen Agent Trust Hub

triage

Warn

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: MEDIUMPROMPT_INJECTIONREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from GitHub issue bodies, comments, and CI logs which are used to guide sub-agents in writing code. This creates a surface for indirect prompt injection where malicious content in a repository could influence the agent's code generation or behavior.
  • [REMOTE_CODE_EXECUTION]: The automated review process for contributor Pull Requests involves checking out external branches and executing 'npm ci', 'npm test', and 'npm run build'. Running package installation and test suites on unverified code is a high-risk activity that can facilitate remote code execution if a contributor includes malicious lifecycle scripts or tests.
  • [COMMAND_EXECUTION]: Extensive use of 'gh' and 'git' provides the skill with significant capabilities to modify the repository and post to GitHub. These tools could be abused to perform unauthorized actions if the agent's logic is compromised by malicious repository data.
  • [DATA_EXFILTRATION]: The capability to read sensitive CI logs and issue comments, combined with the ability to interact with the GitHub API, creates a potential exfiltration path for repository data if the agent's autonomy is hijacked via injection.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 18, 2026, 12:27 PM
Security Audit — agent-trust-hub — triage