Skills
skills/everyinc/every-marketplace/report-bug-ce/Gen Agent Trust Hub

report-bug-ce

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: Transmits user-provided bug reports and system environment information (OS info via uname, CLI versions, and plugin metadata) to the external GitHub repository EveryInc/compound-engineering-plugin. This operation is the primary purpose of the skill and targets a repository owned by the skill's author.
  • [COMMAND_EXECUTION]: Utilizes shell commands including uname -a, gh issue create, and CLI version flags (e.g., claude --version) to collect metadata and perform the bug submission.
  • [PROMPT_INJECTION]: Presents an indirect prompt injection surface where untrusted user input (bug details) is interpolated into a formatted bug report and a shell command (gh).
  • Ingestion points: User responses to questions regarding bug categories, behavior, and steps to reproduce in SKILL.md.
  • Boundary markers: Absent.
  • Capability inventory: Execution of gh issue create (network/write) in SKILL.md.
  • Sanitization: No specific instructions are provided to sanitize or escape user-supplied strings before they are included in the shell command or the report body.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 28, 2026, 01:14 AM