Skills
skills/atalovesyou/claude-skills-pack/systematic-debugging/Gen Agent Trust Hub

systematic-debugging

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The file find-polluter.sh executes npm test on files matching a user-provided pattern. This is a standard debugging technique (bisection) but involves executing arbitrary code defined in the project's test scripts.
  • [DATA_EXPOSURE] (LOW): SKILL.md and root-cause-tracing.md suggest diagnostic commands that can expose sensitive information, such as env | grep IDENTITY (environment variables) and security list-keychains / security find-identity (macOS cryptographic identities). These are intended for debugging build and signing issues.
  • [PROMPT_INJECTION] (LOW): The skill includes simulation-based test files (test-pressure-1.md, test-pressure-2.md, test-pressure-3.md) which use 'jailbreak-style' framing ('IMPORTANT: This is a real scenario', 'choose and act') to evaluate the agent's adherence to the debugging process under pressure.
  • [DATA_EXFILTRATION] (LOW): The skill's primary workflow involves ingesting error messages, logs, and stack traces. This represents an indirect prompt injection surface where malicious data in logs could attempt to influence the agent, though the risk is mitigated by the skill's focus on technical analysis.
  • Ingestion points: SKILL.md Phase 1 (Error messages, logs, stack traces).
  • Boundary markers: None identified; instructions suggest direct reading of error content.
  • Capability inventory: npm test (via find-polluter.sh), codesign, security, and git command execution.
  • Sanitization: No explicit sanitization of log content or error messages before analysis.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:50 PM