Debugging
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is designed to process untrusted external data (error logs, code, and test failures) to find root causes. Evidence: 1. Ingestion points: skill instructions to gather evidence from errors, reproduction steps, and code. 2. Boundary markers: absent in the provided skill instructions. 3. Capability inventory: references to scripts/find-polluter.sh and a mandate to run verification commands. 4. Sanitization: no sanitization or escaping of external content is described. This combination allows indirect prompt injection if an attacker embeds instructions in logs or code.
- COMMAND_EXECUTION (HIGH): The skill instructs the agent to run 'verification commands' and a shell script (scripts/find-polluter.sh). No safety constraints or validation steps are defined for these commands, so the agent could execute arbitrary code if it encounters malicious debugging scenarios.
Recommendations
- AI detected serious security threats
Audit Metadata