systematic-debugging
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: PROMPT_INJECTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- Prompt Injection (HIGH): The skill uses 'Iron Law' directives and 'Red Flags' sections designed to override user intent. It explicitly commands the agent to ignore user or manager requests for speed or 'quick fixes' in favor of the skill's own rigid phases. This is a direct attempt to bypass user-provided constraints and priorities.
- Indirect Prompt Injection (HIGH): The skill mandates that the agent 'Read Error Messages Carefully' and 'Read stack traces completely' without any sanitization or boundary markers. This creates a high-risk surface where an attacker can trigger specific errors (e.g., in a CI environment or via malicious code) containing embedded instructions that the agent is then trained to follow during its 'investigation'.
- Command Execution (MEDIUM): The skill's 'diagnostic instrumentation' phase provides executable bash examples that interact with system-level utilities, specifically macOS keychain and identity management ('security list-keychains', 'security find-identity -v'). These are sensitive operations that could be exploited if the agent is misled into running them in an insecure context.
- Credentials Unsafe (MEDIUM): The skill encourages the agent to actively search for secrets in the environment, suggesting commands like 'env | grep IDENTITY'. While intended for debugging environment propagation, instructing an agent to grep environment variables is a high-risk pattern that can lead to the exposure of sensitive tokens and keys in the agent's logs or conversation history.
Recommendations
- AI detected serious security threats
Audit Metadata