root-cause-tracing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill utilizes standard development commands such as
npm test,find, andlsvia a helper script to automate debugging tasks. These operations are performed locally within the project context. - DATA_EXPOSURE (SAFE): The provided instrumentation examples suggest logging stack traces and environment variables like
NODE_ENVto the local console for debugging. No evidence of data exfiltration or unauthorized access to sensitive files was found. - PROMPT_INJECTION (SAFE): The instructions focus on debugging logic and do not contain patterns aimed at overriding agent safety guidelines or system prompts.
- INDIRECT_PROMPT_INJECTION (SAFE): The skill processes test output (Ingestion point: console output) without explicit boundary markers. However, its primary capability is limited to local command execution for debugging (Capability inventory: npm test), and it presents no significant escalation path when used as intended.
Audit Metadata