doppler-debug
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains command templates that interpolate external data, creating an indirect prompt injection surface.\n
- Ingestion points: The
MODEL_IDplaceholder is used within JSON configuration strings passed tonpm runcommands inSKILL.md.\n - Boundary markers: There are no boundary markers or delimiters specified to isolate the interpolated model ID from the command structure.\n
- Capability inventory: The skill utilizes subprocess execution via
npm runfor debugging and benchmarking tasks as described inSKILL.md.\n - Sanitization: There is no evidence of sanitization, escaping, or validation for the inputs interpolated into the execution string.\n- [COMMAND_EXECUTION]: The skill provides instructions for the agent to execute local
npmscripts such asdebug,verify:model, andbench. These commands are necessary for the skill's primary function of diagnosing and benchmarking model inference but constitute a privileged execution capability.
Audit Metadata