debug-cli
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill and the provided helper script ('test_cli.sh') execute standard development commands, specifically 'cargo build' and running the local binary './target/debug/forge'. These actions are expected for a CLI debugging tool and do not involve privilege escalation or suspicious behavior.
- [EXTERNAL_DOWNLOADS] (SAFE): The 'cargo build' command involves dependency resolution from crates.io. Per the security guidelines, downloads from trustworthy sources for their intended purpose are considered safe.
- [PROMPT_INJECTION] (SAFE): The skill presents an indirect prompt injection surface as it processes user-provided strings for testing CLI behavior. 1. Ingestion points: User prompts passed to the '-p' flag of the forge binary in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: cargo build, execution of the forge binary, file reading (cat), and JSON parsing (jq). 4. Sanitization: None detected. Analysis: This surface is an inherent part of the skill's primary function (testing a prompt-based CLI) and does not represent a malicious design.
Audit Metadata