fix-bug
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill dynamically identifies and executes shell commands for testing, linting, and debugging based on project-specific configuration files such as Makefile, package.json, and pyproject.toml. These commands are executed via the Bash tool to verify bug fixes.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes untrusted content from bug reports, issue trackers (using gh or jira commands), and project source code.
  - Ingestion points: The skill reads issue descriptions from the $ARGUMENTS variable, command output from issue tracking tools, and the content of files discovered via project exploration tools.
  - Boundary markers: There are no explicit delimiters or warnings to ignore embedded instructions when interpolating external content into agent prompts.
  - Capability inventory: The agent has access to tools including Bash, Write, Edit, and WebFetch, which could be misused if malicious instructions are processed from the input data.
  - Sanitization: No specific sanitization or validation logic is defined for the data retrieved from external project sources or issue trackers.
Audit Metadata