systematic-debugging
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides shell script templates and instructs the agent to execute them (e.g., bash, codesign, security) to gather evidence and diagnostic information at component boundaries.
- [DATA_EXFILTRATION]: A suggested debugging step uses 'env | grep IDENTITY', which can expose sensitive environment variables or credentials to standard output or log files if the variables contain secret data.
- [PROMPT_INJECTION]: The instructions use rigid, mandatory language ('The Iron Law', 'You MUST', 'You cannot proceed until...') to strictly control agent behavior and override its standard decision-making workflow.
- [PROMPT_INJECTION]: There is a potential surface for Indirect Prompt Injection (Category 8) as the skill is designed to process external, untrusted data.
- Ingestion points: The skill ingests error messages, stack traces, and git diffs provided by the user or external systems.
- Boundary markers: Absent; no delimiters are used to separate external error content from the agent's instructions.
- Capability inventory: The skill leverages shell command execution, environment variable access, and macOS system tools.
- Sanitization: Absent; the skill does not specify any sanitization or validation for the content of error messages or logs being analyzed.
Audit Metadata