investigate
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection through the ingestion of untrusted data.
- Ingestion points: Phase 1 (Intake) and Phase 2 (Investigate) ingest user-provided data such as error messages, stack traces, logs, and arbitrary source code into the agent's context.
- Boundary markers: The skill does not define explicit delimiters or instructions to treat intake data as untrusted when processing it for hypothesis generation.
- Capability inventory: The skill is capable of writing files to the local filesystem (.specs/bugs/) and executing shell commands via the project's test runner.
- Sanitization: There is no evidence of sanitization or filtering of external logs or code snippets before they are analyzed or used to generate reproduction tests.
- [COMMAND_EXECUTION]: The skill requires the ability to execute commands on the local system to fulfill its debugging objectives.
- Evidence: Phase 4 ("Verify") instructs the agent to "Run the test case" using the project's established testing framework (e.g., npm test, pytest, etc.).
- Context: This execution is gated by a systematic workflow and is intended only for verifying identified bug hypotheses within the local project environment.
Audit Metadata