fullstack-debugger
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill frequently uses the
Bashtool to execute diagnostic commands, including build scripts (npm run build), TypeScript compilation (npx tsc), and Cloudflare Worker management (npx wrangler). This is standard functionality for the intended use case but grants the agent significant system interaction capabilities. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to its core function of analyzing external, potentially untrusted data.
- Ingestion points: The skill reads local source code, build logs, git history, and environment configuration files (
.env.local). - Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are used when the agent processes the content of these files.
- Capability inventory: The agent has access to
WriteandEditfor file modification,Bashfor command execution, andmcp__playwrightfor browser automation. - Sanitization: While the
diagnose.shscript masks values in.env.localusingsed, other data sources like source code comments or log files are processed without sanitization.
Audit Metadata