bug-triage
Fail
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: HIGH
Findings: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: The skill instructs the agent to read sensitive local configuration and state files, including agent-orchestrator.yaml and session JSON files from ~/.agent-orchestrator/. These files are then used to populate GitHub issues or comments, potentially leaking credentials, environment variables, or sensitive session history to an external platform.
- [COMMAND_EXECUTION]: The skill performs extensive shell command execution using tools like git, gh, ao, pm2, tmux, and lsof to gather system diagnostics and interact with the GitHub API. The included push_fix_to_github.py script further utilizes the subprocess module to manage repository changes and pull requests via the GitHub CLI.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external sources such as Discord/Slack threads and GitHub issue comments. This content is interpolated into issue bodies and search queries without boundary markers or sanitization, which could be used to manipulate the agent's logic during the triage process.
- [EXTERNAL_DOWNLOADS]: The skill downloads package tarballs from the official npm registry (registry.npmjs.org) to compare versions and perform regression analysis using the diff utility.
Recommendations
- AI detected serious security threats
Audit Metadata