Debugging
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill possesses an inherent attack surface for indirect prompt injection because it is designed to ingest and act upon untrusted data such as error logs, stack traces, and test file contents.
  - Ingestion points: `root-cause-tracing/find-polluter.sh` (scans test files), `systematic-debugging/SKILL.md` (recommends reading error messages and stack traces).
  - Boundary markers: Absent; there are no specific delimiters or instructions to ignore potential commands embedded in logs or test files.
  - Capability inventory: The skill uses `npm test` in `find-polluter.sh` and provides examples of using `security`, `codesign`, and `git` in `systematic-debugging/SKILL.md` for diagnostic purposes.
  - Sanitization: Absent; the skill does not suggest sanitizing or escaping the content of logs or test files before processing them.
- Command Execution (SAFE): The `root-cause-tracing/find-polluter.sh` script executes `npm test`. This is the intended primary purpose of the skill (debugging and testing) and is performed locally. It does not download or execute remote scripts.
- Prompt Injection (SAFE): The use of strong instructional language (e.g., 'Iron Law', 'CRITICAL', 'IMPORTANT') is consistent with the skill's purpose of enforcing a rigorous debugging process and does not represent an attempt to bypass AI safety guardrails.
Audit Metadata