systematic-debugging
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill primarily consists of instructional documentation for technical debugging workflows. The methodologies described, such as root cause tracing and defense-in-depth validation, align with industry best practices for secure and reliable software development.
- [COMMAND_EXECUTION]: The skill includes a bash script, find-polluter.sh, which automates the identification of tests that create unwanted state. It uses standard tools like find and npm test to execute local test files, which is a legitimate and common development activity.
- [PROMPT_INJECTION]: The skill analyzes external data like logs and error messages, creating a surface for indirect prompt injection. This is the primary purpose of the skill. 1. Ingestion points: Phase 1 in SKILL.md directs the agent to read error messages, stack traces, and git diffs. 2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present. 3. Capability inventory: Use of npm test via find-polluter.sh and system commands for instrumentation. 4. Sanitization: No sanitization of external input is specified.
Audit Metadata