debug
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: Path traversal vulnerability in scripts/cli.ts. The sessionId parameter, which is provided via user input or HTTP requests, is used to construct file paths via path.join without sufficient validation or sanitization. This allows an attacker to potentially write to or delete files outside of the intended .debug directory by using relative path sequences (e.g., ../../).
- [PROMPT_INJECTION]: Risk of indirect prompt injection. The skill's primary workflow involves the AI agent reading and interpreting log files that are populated with data from external sources (the frontend/UI being debugged). If the application under test is compromised or if an attacker can influence the logged data, they could inject malicious instructions that the agent might follow when it 'analyzes logs' in Phase 5.
- [COMMAND_EXECUTION]: Insecure CORS configuration in the debug server. The cli.ts script uses HttpMiddleware.cors() without origin restrictions, allowing any website visited by the user to send POST requests to the local server. When combined with the path traversal vulnerability, this creates a vector where a malicious website could write arbitrary files to the user's local filesystem.
- [COMMAND_EXECUTION]: The skill's operational requirements include broad capabilities such as shell command execution (bun, curl, cat, lsof) and the ability to modify project source code for instrumentation. These high-privilege operations significantly amplify the potential impact if the agent is successfully manipulated via injected instructions.
Audit Metadata