debate
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS
PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The installation instructions in `README.md` point to a non-trusted GitHub repository (aroc/debate-skill).
- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8).
  - Ingestion points: Untrusted user input enters via the prompt argument in `invoke_other.sh`.
  - Boundary markers: No delimiters or safety instructions are used when passing text to the opponent LLMs.
  - Capability inventory: The script invokes `claude` and `codex` (with the `--full-auto` flag), which may allow the models to perform actions on the host.
  - Sanitization: No sanitization is performed on the user input before it is written to a temporary file and passed as a command-line argument.
Audit Metadata