devana-bug-hunt
Pass
Audited by Gen Agent Trust Hub on Jul 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted data from the repository being analyzed.\n
- Ingestion points: The skill reads repository guidance, configuration files (AGENTS.md, config), READMEs, and the entire source code tree as part of its 'Workflow' (step 4).\n
- Boundary markers: No specific delimiters or instructions are provided to the agent to distinguish between the skill's operational instructions and the potentially adversarial content within the files it analyzes.\n
- Capability inventory: The skill possesses the ability to create and write to the filesystem ('.devana/' directory), modify existing source code to 'fix' detected bugs (Handling Existing Reports), and execute shell commands ('rg', 'ast-grep').\n
- Sanitization: There is no evidence of validation or sanitization of the content ingested from the repository before it is processed by the agent's logic.\n- [COMMAND_EXECUTION]: The skill utilizes local shell commands and structural search tools to perform its analysis. Evidence includes the use of 'rg' (ripgrep) for text discovery and 'ast-grep' for syntax-based searches across the codebase. It also executes shell loops to aggregate and read report headers from the filesystem.
Audit Metadata