bug-hunt
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands for file system exploration and repository analysis, including 'git log', 'git blame', 'git diff', 'grep', and 'find'. These are standard tools for debugging and code auditing.
- [COMMAND_EXECUTION]: It invokes external tools 'ao' and 'bd' (beads) for metrics retrieval and issue management, which are consistent with the skill's stated purpose and authored context.
- [PROMPT_INJECTION]: The skill processes source code files and error logs, creating an indirect prompt injection surface. This represents a low-risk surface inherent to the audit and investigation functions.
  - Ingestion points: Source code files (*.py, *.ts, *.go, *.rs) and CI/error logs.
  - Boundary markers: Absent.
  - Capability inventory: Git operations, file searching, issue tracking (bd), metrics citation (ao), and writing reports to local '.agents/' directories.
  - Sanitization: Absent.
- [COMMAND_EXECUTION]: Documentation within the skill addresses privileged operations such as debugger attachment and modification of 'ptrace' or 'sysctl' settings. These are presented as manual, triage-specific steps requiring reference materials, rather than automated execution.
Audit Metadata