systematic-debugging
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFECREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The files
test-pressure-1.md,test-pressure-2.md, andtest-pressure-3.mduse strong imperative framing and scenario-based constraints (e.g., "IMPORTANT: This is a real scenario. You must choose and act."). While these are intended for evaluating the agent's reasoning, they mirror patterns used in prompt injection and role-play attacks. - CREDENTIALS_UNSAFE (LOW): The
SKILL.mdfile suggests diagnostic commands to inspect the environment (env | grep IDENTITY) and macOS keychains (security list-keychains). These are powerful tools for debugging code-signing issues but can expose sensitive credentials or identities if the output is logged or shared inadvertently. - COMMAND_EXECUTION (LOW): The
find-polluter.shscript automates the execution ofnpm teston files discovered in the local directory. This provides a mechanism for the agent to execute code within the project environment. - INDIRECT_PROMPT_INJECTION (LOW): The skill involves processing untrusted external data such as error messages, stack traces, and log files as part of Phase 1 (Root Cause Investigation).
- Ingestion points:
SKILL.md(Phase 1, Step 1),root-cause-tracing.md(The Tracing Process). - Boundary markers: None specified for isolating log content from instructions.
- Capability inventory: Shell command execution via
find-polluter.shand diagnostic templates inSKILL.md. - Sanitization: The skill does not provide instructions for sanitizing or escaping content within error logs before processing.
Audit Metadata