debugging-and-error-recovery
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data access were found. The skill aligns with professional software development standards and provides best-practice debugging methodologies.
- [COMMAND_EXECUTION]: The skill includes instructions for using standard developer commands like
npm test,npm run build, andgit bisectfor legitimate diagnostic workflows. These are used as examples for the agent to follow during triage. - [PROMPT_INJECTION]: The skill addresses the risk of indirect prompt injection by defining how to handle untrusted diagnostic data.
- Ingestion points: The agent is instructed to ingest error messages, logs, and stack traces from external sources (SKILL.md).
- Boundary markers: The 'Treating Error Output as Untrusted Data' section sets explicit boundaries, informing the agent to treat this data as diagnostic information rather than instructions.
- Capability inventory: The agent has the capability to run build commands and test suites via the shell (SKILL.md).
- Sanitization: The skill mandates that instructions found within error output must not be executed without explicit user confirmation, acting as a critical safety check.
Audit Metadata