skills/dmdorta1111/jac-v1/Debugging/Gen Agent Trust Hub

Debugging

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is designed to ingest and analyze external, untrusted data such as error logs, code changes, and test failures. Because the framework also requires the agent to execute shell scripts (e.g., scripts/find-polluter.sh) and verification commands, an attacker could embed malicious instructions within the data being debugged to gain unauthorized command execution.
    • Ingestion points: System error messages, source code, and test output logs analyzed in Phase 1.
    • Boundary markers: Absent; the skill does not specify delimiters or instructions to ignore embedded commands in the data.
    • Capability inventory: Shell command execution for debugging and script execution (scripts/find-polluter.sh) in Phase 4 and the Verification technique.
    • Sanitization: Absent; there is no mention of sanitizing or filtering the ingested logs or code.
  • Command Execution (MEDIUM): The skill directs the agent to execute local scripts and verification commands, which can be exploited if the agent is misled by malicious input data.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 08:04 AM