systematic-debugging
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a bash script `find-polluter.sh` designed to identify tests that create unwanted files or state. The script executes `npm test` on local files matching a user-defined pattern, which involves dynamic execution of local code.
- [COMMAND_EXECUTION]: `SKILL.md` provides examples of diagnostic commands for troubleshooting multi-component systems, including `security list-keychains` and `security find-identity`. While intended for debugging signing failures, these commands access sensitive macOS security configuration data.
- [PROMPT_INJECTION]: The skill defines a process for the agent to ingest and analyze untrusted external data (error messages, stack traces, and component logs). This creates a vulnerability to indirect prompt injection if malicious payloads are embedded in the analyzed logs.
  - Ingestion points: Error logs, stack traces, and component data flow logs (`SKILL.md`, Phase 1).
  - Boundary markers: None identified. The skill lacks instructions to delimit or ignore instructions within processed data.
  - Capability inventory: The skill uses file system exploration and command execution via shell scripts and `npm`.
  - Sanitization: No sanitization or validation of external log content is specified before the agent processes it for root cause analysis.
Audit Metadata