skills/remix-run/react-router/fix-bug/Gen Agent Trust Hub

fix-bug

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection as it is designed to ingest data from external sources such as GitHub issues and code reproduction sandboxes.
  • Ingestion points: The workflow fetches issue details and reproduction code via gh issue view and WebFetch from GitHub, StackBlitz, and CodeSandbox URLs (SKILL.md).
  • Boundary markers: The instructions do not specify the use of delimiters to separate untrusted external content from the agent's core instructions.
  • Capability inventory: The skill enables the execution of shell commands such as pnpm test, git, and gh, and allows for file system writes to implement fixes (SKILL.md).
  • Sanitization: There are no explicit instructions for the agent to sanitize or validate retrieved external content before it is processed.
  • [COMMAND_EXECUTION]: The skill utilizes common command-line utilities including git, pnpm, and gh to perform branch management, testing, and issue viewing. These operations are aligned with the skill's primary purpose of providing developer assistance for the official remix-run/react-router repository.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 02:26 AM
Security Audit — agent-trust-hub — fix-bug