debug-to-fix

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (MEDIUM): The skill processes untrusted external content that can influence agent reasoning.
      • Ingestion points: Accesses source code, logs, and error messages using cat, grep, and file: read (SKILL.md, Phase 2).
      • Boundary markers: Absent. No delimiters are used when interpolating file contents into the context.
      • Capability inventory: Uses bash (read-only tools) and file: read. While the skill's own tools are restricted, the instructions (Phase 3) direct the agent to 'Implement the fix', which likely utilizes write capabilities in the broader agent context.
      • Sanitization: Absent. There is no filtering or validation of the ingested content.
  • [Command Execution] (LOW): The skill requests access to bash for utilities like git, grep, and ls. These tools provide broad visibility into the filesystem, which is necessary for debugging but constitutes a data exposure risk if the environment contains sensitive files.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 08:13 AM