skills/bnomei/devana/devana-bug-hunt/Gen Agent Trust Hub

devana-bug-hunt

Pass

Audited by Gen Agent Trust Hub on Jul 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted data from the repository being analyzed.\n
  • Ingestion points: The skill reads repository guidance, configuration files (AGENTS.md, config), READMEs, and the entire source code tree as part of its 'Workflow' (step 4).\n
  • Boundary markers: No specific delimiters or instructions are provided to the agent to distinguish between the skill's operational instructions and the potentially adversarial content within the files it analyzes.\n
  • Capability inventory: The skill possesses the ability to create and write to the filesystem ('.devana/' directory), modify existing source code to 'fix' detected bugs (Handling Existing Reports), and execute shell commands ('rg', 'ast-grep').\n
  • Sanitization: There is no evidence of validation or sanitization of the content ingested from the repository before it is processed by the agent's logic.\n- [COMMAND_EXECUTION]: The skill utilizes local shell commands and structural search tools to perform its analysis. Evidence includes the use of 'rg' (ripgrep) for text discovery and 'ast-grep' for syntax-based searches across the codebase. It also executes shell loops to aggregate and read report headers from the filesystem.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 1, 2026, 05:02 PM
Security Audit — agent-trust-hub — devana-bug-hunt