The Agent Skills Directory

[DATA_EXFILTRATION]: The skill facilitates the capture and viewing of runtime application data via dbg.dump and dbg.snapshot. If the instrumented application handles sensitive information such as authentication tokens, secrets, or personal data, these values will be recorded in log files or transmitted to a local HTTP server on 127.0.0.1:7243, making them accessible to the agent and potentially persisted in session histories.
[COMMAND_EXECUTION]: The skill includes functionality to modify the project's file system and source code. The start command writes logging utility files into the project directory, while the cleanup command performs automated deletion of code blocks wrapped in specific region markers. This provides the agent with mechanisms to alter the source code of the project it is debugging.
[PROMPT_INJECTION]: The skill presents an indirect prompt injection surface. The agent's core workflow involves reading and interpreting logs produced by the running application. If an attacker can provide input to the application that is subsequently logged, they could embed instructions meant to manipulate the agent's behavior during log analysis. 1. Ingestion points: Runtime data is ingested via the get and expand tool commands. 2. Boundary markers: Logs are structured with timestamps and level labels, which helps but does not eliminate the risk. 3. Capability inventory: The skill can write files, modify source files, and initiate a local web server. 4. Sanitization: There is no evidence of sanitization of log content before it is processed by the agent.

debugging-master