bug-hunt
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) due to its core functionality of reading and analyzing external codebase data.
- Ingestion points: In Phase 1 and Phase 2, the skill uses the
ReadandGreptools to ingest content from the target codebase (as defined inreferences/hunter-prompt.mdandreferences/skeptic-prompt.md). - Boundary markers: The skill interpolates report data and codebase content directly into subagent prompt templates (e.g.,
<HUNTER_REPORT>) without using specific delimiters or "ignore embedded instructions" warnings to separate data from the subagent's mission instructions. - Capability inventory: The subagents utilize
feature-dev:code-reviewerandgeneral-purposetypes, possessing the ability to read files and traverse directories usingGlob,Read, andGreptools. - Sanitization: There is no evidence of sanitization, escaping, or validation of the codebase content before it is processed by the subagents.
Audit Metadata