reproduce-and-fix-issues
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [SAFE]: No security issues detected. The skill follows best practices for agentic security by implementing immutable configuration values, isolation of sub-workers, and explicit credential management instructions.- [PROMPT_INJECTION]: The skill's surface for indirect prompt injection from Slack thread content and external tracker data is well-mitigated. It requires a 'trusted triage marker' (e.g., [benny:bug]) and validates the author identity before processing any external instructions. Mandatory Evidence Chain: (1) Ingestion points: Slack threads and tracker issues in SKILL.md. (2) Boundary markers: Mandatory [benny:bug] marker from a trusted user ID. (3) Capability inventory: Code modification, UI automation, and GitHub PR creation across SKILL.md and control-adapter.md. (4) Sanitization: Manual review of final diffs and explicit prohibitions against Slack write actions for worker sub-agents.- [COMMAND_EXECUTION]: Environment setup and UI automation (clicks, typing, builds) are handled via a configurable control adapter. These operations are restricted to defined test environments and include mandatory cleanup steps for temporary sessions and profiles.
Audit Metadata