ce-debug
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface due to its core functionality of fetching external content. \n
- Ingestion points: Untrusted data is retrieved from external issue trackers (GitHub, Linear, Jira) and arbitrary URLs during Phase 0 (Triage). \n
- Boundary markers: Although the skill wraps internal arguments in tags, it lacks explicit markers or instructions to isolate data fetched from remote issue comments, which could potentially contain malicious instructions. \n
- Capability inventory: The agent has access to file system modifications, dependency installation commands (npm, bun, bundle), and arbitrary test execution capabilities. \n
- Sanitization: There is no specified logic for sanitizing or filtering instructions that might be embedded within the retrieved issue descriptions or comments.\n- [COMMAND_EXECUTION]: The skill involves the execution of various system and development tools. \n
- Evidence: Instructions explicitly mention running
npm install,bun install,bundle install,git log,git bisect, and specialized tools like/ce-commit-push-pr. \n - Context: These commands are standard for a technical debugging environment and are necessary for the skill's functionality.\n- [EXTERNAL_DOWNLOADS]: The skill retrieves data from remote repositories and tracking services. \n
- Evidence: Uses the GitHub CLI (
gh issue view) and web fetching to pull issue titles, bodies, and comment threads. \n - Context: This behavior is transparently described and required to provide the triage and context needed for automated debugging.
Audit Metadata