debate
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill builds and executes shell commands to interact with external AI providers such as Claude, Gemini, Codex, and OpenCode. It specifically instructs the agent to execute CLI commands directly and run a local Node.js script (acp/run.js) to manage these interactions.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It ingests the topic argument and responses from external AI tools, interpolating them into its own prompt templates. While it employs some boundary markers (triple dashes), it lacks explicit sanitization or instructions to the agent to disregard potential malicious commands embedded within the interpolated content.
Audit Metadata