mode-debug
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill creates a direct attack surface by instructing the agent to ingest and act upon untrusted external data.
  - Ingestion points: The 'Required Questions' section explicitly requests 'Exact error message? (Copy verbatim)' and 'logs' from the user.
  - Boundary markers: There are no instructions to use delimiters or ignore embedded prompts within the ingested logs or error messages.
  - Capability inventory: Because this is a debugging and bug-fixing skill, the agent is expected to propose and potentially apply code changes, making it a high-value target for injection-based hijacking.
  - Sanitization: The skill lacks any requirement for the agent to validate or sanitize external input before it is used to influence the agent's reasoning or actions.
Recommendations
- AI detected serious security threats