debug-agent
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (LOW): The agent processes untrusted inputs such as user-submitted bug reports and console logs.
- Ingestion points:
execution-protocol.mdStep 1 (Error messages, user reports) andbug-report-template.md(Problem Description). - Boundary markers: No specific delimiters or markers are defined in the provided instruction files.
- Capability inventory: The agent can search and read code via Serena MCP tools and write bug reports to the filesystem (
.gemini/antigravity/brain/bugs/). - Sanitization: No explicit sanitization or filtering of external content is defined in the instructions.
- Security Awareness (SAFE): The skill incorporates security best practices into its core workflow.
- Evidence: The
checklist.mdrequires the agent to verify that fixes do not introduce SQL injection, XSS, or authentication bypasses, and that sensitive data is not exposed in logs.
Audit Metadata