systematic-debugging
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill employs high-pressure, imperative language and repetitive mandates designed to override the agent's default decision-making process. It includes 'pressure tests' that act as adversarial prompts to ensure the agent prioritizes the skill's rules over standard operational guidelines.
- [COMMAND_EXECUTION]: The shell script find-polluter.sh executes npm test against local files identified by a user-controllable search pattern. This allows for the execution of arbitrary code contained within test files on the system.
- [DATA_EXFILTRATION]: Instructional examples in SKILL.md show diagnostic commands like security list-keychains and security find-identity. These commands expose the system's security environment and identity configuration.
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by instructing the agent to ingest and analyze untrusted external data.
  - Ingestion points (where untrusted data enters agent context): error messages and stack traces (SKILL.md), log data (SKILL.md), and test files (find-polluter.sh).
  - Boundary markers: None; the skill does not use delimiters or instructions to disregard embedded commands in the analyzed data.
  - Capability inventory: The skill has access to shell command execution (npm, security, codesign) and file system read/write operations.
  - Sanitization: None; the process does not involve filtering or escaping the content of logs or error messages before processing.
Audit Metadata