cc-fix
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and process user-provided data such as bug descriptions, reproduction steps, and error messages. This creates an inherent surface for indirect prompt injection, where malicious instructions could be embedded in user reports to influence agent behavior.
  - Ingestion points: User input is used to populate templates in `SKILL.md` and `references/issue-report.md`.
  - Boundary markers: The skill instructions do not explicitly define the use of markers or delimiters to isolate untrusted user data from internal instructions.
  - Capability inventory: The agent has the ability to modify source code, write documentation to disk (e.g., in the `wiki/issues/` directory), and execute shell commands for testing.
  - Sanitization: There is no instruction to sanitize or validate external input before it is processed by the agent during analysis or reporting steps.
- [COMMAND_EXECUTION]: The workflow requires the agent to run project-specific commands like `npm test` to verify the effectiveness of bug fixes. This involves shell command execution within the local environment. This is a standard practice for automated regression testing and is restricted to the context of the local project's test suite.
Audit Metadata