issue-troubleshooting
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides a bash script scripts/find-polluter.sh designed to identify tests that create side effects. The script executes npm test on files found within the repository based on a user-defined pattern, which involves running local code as part of the troubleshooting flow.
- [PROMPT_INJECTION]: The troubleshooting workflow (Phase 1) requires the agent to ingest and analyze external, potentially untrusted data like error messages, stack traces, and git diffs, which creates a surface for indirect prompt injection if that data contains malicious instructions.
  - Ingestion points: Error messages, stack traces, and git history (diffs) processed in Phase 1 (SKILL.md).
  - Boundary markers: The instructions lack explicit delimiters or warnings to ignore instructions that might be embedded within the logs, stack traces, or commit history.
  - Capability inventory: The agent has the capability to execute shell commands and run tests via the provided scripts.
  - Sanitization: There is no evidence of sanitization, filtering, or validation of the data ingested from logs or code history.
Audit Metadata