frontend-debug
Fail
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The `scripts/github-issue-handler.rb` script is vulnerable to shell command injection. It constructs commands for the `gh` CLI by joining unescaped strings (such as repository names and issue references) and executing them via backticks in the `execute_gh` method. An attacker who can influence the issue reference or repository name (e.g., through a malicious URL or CLI input) could execute arbitrary shell commands on the host system.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It fetches content from GitHub issues and parses it into acceptance criteria using `scripts/acceptance-criteria.rb`. These criteria are then used to drive the logic of the iterative debug loop. Malicious instructions embedded within a GitHub issue could influence the agent's behavior during debugging.
  - Ingestion points: Issue bodies fetched from GitHub in `scripts/github-issue-handler.rb`.
  - Boundary markers: None; the parser relies on Markdown headers to identify sections.
  - Capability inventory: The skill can execute shell commands, perform file system operations, and control a web browser.
  - Sanitization: No sanitization or escaping is performed on the external Markdown content before it is processed by the debug state machine.
- [CREDENTIALS_UNSAFE]: The skill stores usernames and passwords in plaintext in the `.frontend-debug/config.json` file. Although `scripts/config-manager.rb` attempts to protect this file using `.gitignore` and local file permissions (0600), plaintext storage of credentials remains a significant security risk if the local filesystem is accessed by an unauthorized party.
Recommendations
- AI detected serious security threats
Audit Metadata