bug-hunt
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: In SKILL.md, user-supplied symptoms and scope parameters (e.g., , , ) are interpolated directly into the text of shell commands such as grep, find, and the ao tool. Because the assembled text is parsed by the shell, a value containing shell metacharacters (semicolons, backticks, `$(...)`) or unescaped quotes is no longer treated as a search term or path but changes which commands run: command injection by whoever controls those parameters.
- [PROMPT_INJECTION]: The skill's 'Audit Mode' (Audit Step 2 in SKILL.md) instructs the agent to read every file in a given scope line by line and classify findings. Nothing marks where the untrusted file content begins and ends, and nothing tells the agent to disregard directives embedded in it, so instructions planted in the analyzed codebase could override the agent's behavior (indirect prompt injection).
  1. Ingestion points: SKILL.md (Audit Step 2: 'Read every file in scope line by line.').
  2. Boundary markers: Absent; the skill defines no delimiters around file content and does not instruct the agent to ignore instructions found within the data.
  3. Capability inventory (what an injected instruction could invoke): file system tools (git, grep, find), external CLI tools (ao, bd), and the ability to spawn subagents using the 'Explore' task tool.
  4. Sanitization: None; no escaping or filtering of the processed file content is defined before the agent analyzes it.
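The COMMAND_EXECUTION finding above concerns a pattern rather than a specific line of the skill, so the following added example (written for this review, not code from the bug-hunt skill or from Gen Agent Trust Hub) reproduces it in isolation: a "symptoms" value spliced into grep command text that the shell then parses, next to the argument-passing form that is not injectable. The working directory, the sample file, the hostile value and the function names are all constructed for the demonstration; `eval` stands in for "the agent executes the command string it assembled".

```shell
#!/bin/sh
# Added example, not code from the audited skill. Contrasts string-interpolated
# and argument-passed invocation of grep with a metacharacter payload.
set -u

WORKDIR=$(mktemp -d)                       # constructed scratch "scope"
trap 'rm -rf "$WORKDIR"' EXIT
printf 'TODO: null deref in parser on empty input\n' > "$WORKDIR/a.c"

# Constructed hostile value for the "symptoms" parameter. The leading token is a
# plausible search term; the trailing '#' comments out whatever the caller
# appends after the value (here, the scope path).
PAYLOAD='parser /dev/null; echo INJECTED #'

# Vulnerable pattern (the one the finding describes): the value is spliced into
# a command string, and that string is parsed by the shell. Metacharacters in
# $1 become shell syntax, so the second command runs.
unsafe_search() {
    cmd="grep -l $1 $2"
    eval "$cmd" 2>/dev/null
}

# Hardened pattern: the value travels as a single argument, so the shell never
# re-parses it; '--' keeps a value that starts with '-' from being read as an
# option. The payload is now just a pattern that happens not to match.
safe_search() {
    grep -l -- "$1" "$2" 2>/dev/null
}

echo "unsafe:            $(unsafe_search "$PAYLOAD" "$WORKDIR/a.c")"          # INJECTED
echo "safe:              $(safe_search "$PAYLOAD" "$WORKDIR/a.c" || true)"    # (empty)
echo "safe, benign term: $(safe_search parser "$WORKDIR/a.c")"                # path of a.c
```

The same distinction applies to the find and ao invocations the finding lists: a value that is quoted as one argument cannot start a second command, whereas a value pasted into command text can. Since the skill is a prompt rather than a script, the practical fix is to have SKILL.md instruct the agent to pass each parameter as a separate quoted argument and to reject scope values that are not existing paths inside the repository before any command is built.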
Audit Metadata