rr-debugger
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests and processes output from 'rr' and 'gdb' via the 'crash_trace.py' script. Because the agent reads these outputs, a maliciously crafted recording that prints instruction-like strings could attempt to influence the agent's next steps.
- Ingestion points:
scripts/crash_trace.pycaptures stdout from the debugger process. - Boundary markers: None present in the script output.
- Capability inventory: The script uses
subprocess.runto execute the debugger; the agent can trigger this via the command line. - Sanitization: None.
- [Dynamic Execution] (LOW): The script
scripts/crash_trace.pygenerates a batch of GDB commands at runtime using f-strings and a list of templates. This is a low-risk pattern as the inputs used for interpolation (steps, output format) are either cast to integers or constrained by a predefined list of choices.
Audit Metadata