Skills
skills/reinamaccredy/skills/bug-hunt-swarm/Gen Agent Trust Hub

bug-hunt-swarm

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes external, potentially untrusted data which creates a surface for indirect prompt injection.
  • Ingestion points: Data is ingested in Step 1 from user descriptions, logs, stack traces, and failing tests (SKILL.md).
  • Boundary markers: The instructions define an investigation 'brief' and 'packet' but do not specify the use of delimiters (like XML tags) or explicit instructions for agents to ignore instructions embedded within the ingested logs.
  • Capability inventory: The skill utilizes read-only tools including rg, git diff, git log, git show, and Read across all scripts.
  • Sanitization: No sanitization or escaping mechanisms are described for the external content being processed.
  • Mitigation: The risk is significantly reduced by the skill's strict enforcement of read-only operations and a mandatory Step 5 verification process that requires the main agent to cross-reference all claims with actual source code before finalizing a diagnosis.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 03:36 PM
Security Audit — agent-trust-hub — bug-hunt-swarm