deco-incident-debugging
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands such as
grep,git, andparallelto search for known issue patterns and manage the local code repository. - [EXTERNAL_DOWNLOADS]: It downloads and runs a site validation script from the vendor's domain (
https://deco.cx/validate) using the high-privilegedeno run -Acommand. - [PROMPT_INJECTION]: The autonomous 'Headless Mode' is susceptible to indirect prompt injection because it processes untrusted input from incident alerts and logs to generate automated fixes.
- Ingestion points: Processes external data from JSON alert triggers (
alert_message) and HyperDX error logs. - Boundary markers: Does not employ explicit delimiters to separate untrusted external content from system instructions.
- Capability inventory: Possesses the ability to write code to the repository, create git branches, and execute commands with full system access via
deno. - Sanitization: No robust sanitization or validation of the input alert text is performed before it influences the autonomous workflow.
Audit Metadata