triage
Warn
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run tests or commands based on a reporter's steps to reproduce bugs. This creates a vector for arbitrary command execution if an attacker provides malicious instructions in an issue report.
- [PROMPT_INJECTION]: The skill ingests untrusted data from issue trackers (bodies, comments, and labels) which presents an indirect prompt injection surface. This allows external users to potentially influence agent behavior.
- Ingestion points: Issue tracker data (body, comments, labels, and metadata) processed in SKILL.md.
- Boundary markers: None specified to delimit external content from instructions.
- Capability inventory: Execution of shell commands and tests (bug reproduction), file system writes (creating out-of-scope records), and network operations (posting comments to the tracker).
- Sanitization: No explicit sanitization or validation of the ingested content is defined.
Audit Metadata