debug
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
Full Analysis
- Security Best Practices (SAFE): The skill includes a dedicated 'Security & Safety' section (2-I) that instructs the agent to check for unsanitized HTML rendering, CORS restrictions, and safe error handling. This promotes defensive programming.
- Indirect Prompt Injection (LOW): The skill is designed to ingest and analyze external code files (Step 1). While this is the intended primary purpose, it theoretically exposes the agent to indirect prompt injection if the files being audited contain malicious instructions. This is a structural risk of code-analysis tasks rather than a flaw in the skill itself.
- Command Execution (SAFE): `npx tsc --noEmit` and `curl`, used for smoke testing and type checking (Step 4 & 5), are standard, low-risk developer operations.
- File Modification (SAFE): The instructions for applying fixes via `replace_file_content` emphasize targeted diffs and non-destructive updates, following the principle of least disruption.
Audit Metadata