systematic-debugging

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill employs authoritative language and rigid mandates (e.g., 'The Iron Law') to override the agent's usual decision-making process. It explicitly instructs the agent to disregard user pressure or 'manager' requests for urgent fixes, which functions as a behavioral lock-in. It also creates a surface for indirect prompt injection by mandating the processing of untrusted error logs.
    1. Ingestion points: Error messages and stack traces (SKILL.md).
    2. Boundary markers: Absent.
    3. Capability inventory: Shell command execution and npm test (SKILL.md, find-polluter.sh).
    4. Sanitization: None.
  • [COMMAND_EXECUTION]: Multiple files contain or suggest the execution of shell commands. The find-polluter.sh script executes 'npm test' on files discovered via user-defined patterns. Furthermore, SKILL.md provides instrumentation examples that execute high-risk system commands like 'security list-keychains' and 'security find-identity' to inspect system secrets and identities.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 1, 2026, 09:48 PM