Skills
skills/udecode/plate/reproduce-bug/Gen Agent Trust Hub

reproduce-bug

Warn

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: MEDIUMPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection because it fetches and processes untrusted content from GitHub issues and comments using the gh tool.\n
  • Ingestion points: Content retrieved via gh issue view (issue title, body, and comments).\n
  • Boundary markers: Absent; the agent is instructed to directly analyze the fetched text for symptoms and reproduction steps.\n
  • Capability inventory: Execution of shell commands (gh, git), browser automation (agent-browser), and file system access.\n
  • Sanitization: None; the instructions do not include guidance to ignore or sanitize embedded commands within the fetched issue data.\n- [DATA_EXFILTRATION]: The skill instructions direct the agent to search .env files to identify local server port numbers. This constitutes access to a sensitive file path that frequently contains hardcoded credentials, API keys, and other secrets, posing a risk of unintentional exposure.\n- [COMMAND_EXECUTION]: The skill uses $ARGUMENTS directly within shell command blocks (e.g., gh issue view $ARGUMENTS). This pattern is susceptible to command injection if the user-supplied argument contains shell metacharacters that are not properly escaped by the platform's execution environment.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 30, 2026, 01:22 AM