self-healing
Warn
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted log data to generate code fixes.
  - Ingestion points: System and application logs from CI, Vercel, and local runtime are ingested in the 'Detect' phase in SKILL.md.
  - Boundary markers: No delimiters or safety instructions are defined to isolate log content from the agent's logic.
  - Capability inventory: The skill can modify files, commit changes to git, and execute code through build and test scripts.
  - Sanitization: The instructions require the 'exact' error message and stack trace, without any validation or filtering.
- [COMMAND_EXECUTION]: The skill automatically executes shell commands to validate and apply code changes.
  - Evidence: Phase 4: Validate in SKILL.md executes commands including `npm test`, `npm run build`, and `npx tsc --noEmit` automatically after a fix is generated.
Audit Metadata