skills/supatest-ai/supa-skills/bug/Gen Agent Trust Hub

bug

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses local commands such as git log, git diff, and git bisect to investigate code changes and regressions.
  • [COMMAND_EXECUTION]: It leverages the GitHub command-line interface (gh issue create) to automate the submission of bug reports to the official platform.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface (Category 8) as it processes untrusted inputs from bug reports and system logs.
      • Ingestion points: User-provided bug descriptions, environment logs, and error messages are processed in Phase 1 and Phase 3.
      • Boundary markers: The instructions do not define delimiters or specific constraints to prevent the agent from obeying instructions embedded in logs or descriptions.
      • Capability inventory: The skill has access to the local file system, version control history, network requests (via curl), and the GitHub API.
      • Sanitization: There is no explicit sanitization or validation of the input data before it is incorporated into the workflow.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 21, 2026, 04:51 PM