systematic-debugging
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The included shell script 'find-polluter.sh' executes 'npm test' on arbitrary files, which provides a vector for code execution if the directory being debugged contains malicious test files.
- [DATA_EXFILTRATION] (HIGH): The skill explicitly mandates the use of sensitive commands such as 'security list-keychains' and 'security find-identity' to 'gather evidence,' which exposes system-level security metadata. It also suggests dumping environment variables ('env | grep IDENTITY') that likely contain sensitive secrets.
- [PROMPT_INJECTION] (HIGH): As a debugging framework, this skill is designed to ingest and process untrusted external data such as error logs and stack traces (Category 8: Indirect Prompt Injection). It lacks boundary markers and sanitization, creating a surface where malicious instructions in logs could influence agent decisions. (Evidence: Ingestion points: Phase 1 error message reading; Boundary markers: Absent; Capability inventory: Shell execution and test runners; Sanitization: Absent).
- [EXTERNAL_DOWNLOADS] (LOW): The use of 'npm test' implies the potential for runtime dependency resolution and downloads from the npm registry, which is a trusted source but introduces external code execution.
Recommendations
- AI detected serious security threats
Audit Metadata