bug-hunt

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) due to its core functionality of reading and analyzing external codebase data.
  • Ingestion points: In Phase 1 and Phase 2, the skill uses the Read and Grep tools to ingest content from the target codebase (as defined in references/hunter-prompt.md and references/skeptic-prompt.md).
  • Boundary markers: The skill interpolates report data and codebase content directly into subagent prompt templates (e.g., <HUNTER_REPORT>) without using specific delimiters or "ignore embedded instructions" warnings to separate data from the subagent's mission instructions.
  • Capability inventory: The subagents utilize feature-dev:code-reviewer and general-purpose types, possessing the ability to read files and traverse directories using Glob, Read, and Grep tools.
  • Sanitization: There is no evidence of sanitization, escaping, or validation of the codebase content before it is processed by the subagents.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 26, 2026, 12:46 AM
Security Audit — agent-trust-hub — bug-hunt