systematic-debugging
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEPROMPT_INJECTIONCREDENTIALS_UNSAFECOMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill uses extremely strong imperative language ("The Iron Law", "MUST", "NEVER") and behavioral overrides ("Violating the letter of this process is violating the spirit") designed to force the agent into a specific operational mode, overriding standard problem-solving behaviors.
- CREDENTIALS_UNSAFE (LOW): The skill documentation (SKILL.md and root-cause-tracing.md) provides examples of diagnostic instrumentation that involve sensitive information access.
- Evidence: Suggested commands include
env | grep IDENTITY,security list-keychains, andsecurity find-identity -vto debug multi-component systems and code-signing issues. - COMMAND_EXECUTION (LOW): The skill includes a standalone bash script
find-polluter.shand recommends usingexecFileAsyncfor diagnostics. - Evidence:
find-polluter.shexecutes user-provided test paths vianpm test, which can lead to arbitrary code execution if the test files or the command parameters are influenced by an attacker. - INDIRECT PROMPT_INJECTION (LOW): The skill's primary function is to ingest and analyze untrusted data.
- Ingestion points: Phase 1 Step 1 ("Read Error Messages") and Phase 1 Step 4 ("Log what data enters component").
- Boundary markers: No explicit instruction delimiters or boundary markers are suggested for the ingested logs.
- Capability inventory: The skill utilizes file system access, environment inspection, and shell command execution (
npm test,git init). - Sanitization: No sanitization of error logs or stack traces is mentioned before processing.
Audit Metadata