bugfix-workflow

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits vulnerability to indirect prompt injection due to its core function of processing external, potentially attacker-controlled data.
      • Ingestion points: User-provided bug descriptions, reproduction steps, and technical logs as specified in SKILL.md.
      • Boundary markers: The skill lacks explicit instructions or delimiters to isolate untrusted data from the agent's core instructions, increasing the risk that instructions embedded in logs could be executed.
      • Capability inventory: The agent is authorized to modify the codebase, write report files to docs/BUG修复文档/, and run unit tests.
      • Sanitization: There are no sanitization or validation protocols defined for the ingested logs or descriptions.
  • [COMMAND_EXECUTION]: The workflow necessitates the creation and execution of unit tests to verify fixes. This involves the execution of dynamically generated code, which carries inherent risks if the generation logic is influenced by malicious data ingested during the debugging phase.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 19, 2026, 10:10 AM