debug-ui
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to execute shell commands for development workflows, including `npm install`, `npm run lint`, `npx eslint`, `npx stylelint`, and `npm run build` as part of its 'Checkfix' cycle.
- [COMMAND_EXECUTION]: It supports remote development environments by executing commands over SSH (e.g., `ssh nas "cd ..."`). The remote path and connection parameters are spliced into a single command string that the remote login shell evaluates, so they are handled as shell input rather than as plain arguments.
- [EXTERNAL_DOWNLOADS]: The workflow runs `npm install`, which downloads third-party dependencies from the npm registry and, by default, executes their lifecycle install scripts. This is a standard but inherent risk in modern development environments.
- [PROMPT_INJECTION]: The skill contains persona-driven instructions (e.g., 'Creative Director', 'Frontend Engineer') and uses strong directives such as 'REJECT mechanical dictionaries' and 'OPEN artistic synesthesia' to shape AI behavior; no malicious bypasses were detected.
- [DATA_EXPOSURE]: The skill maintains persistent state and design decisions in a local `.debug/` directory. This supports workflow continuity, but it involves frequent reading and writing of project-specific metadata.
- [INDIRECT_PROMPT_INJECTION]: As a code-modifying agent, it has a significant attack surface because it ingests untrusted source code and user-provided design descriptions.
  - Ingestion points: Reads `.tsx`, `.vue`, and `.svelte` files, and `.debug/` markdown logs.
  - Boundary markers: No explicit delimiters are defined to separate user-provided data from system instructions during processing.
  - Capability inventory: Full file-write access and subprocess execution (`npm`, `npx`, `ssh`).
  - Sanitization: No specific sanitization or validation logic is described for the content it modifies or documents.
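The script below is an added example, not code from the debug-ui skill or from the audit. It shows one way to build the remote 'Checkfix' command so that the project path reaches the remote shell as data rather than as code: the path is checked against a conservative allow-list and then single-quoted before it is spliced into the `ssh nas "cd ..."` string. The host name `nas` comes from the audit's own example; the sample path `/srv/app`, the helper names, and the substitution of `npm ci --ignore-scripts` for `npm install` are assumptions made here.

```shell
#!/bin/sh
# Added example (not part of the debug-ui skill): quote and validate the remote
# project path before splicing it into the command string that ssh hands to the
# remote login shell. Host "nas" is from the audit text; "/srv/app", the helper
# names and the npm flags are assumed sample values.

# Single-quote a value for a POSIX shell: wrap it in '...' and rewrite each
# embedded single quote as '\'' (close quote, escaped quote, reopen quote).
sh_quote() {
  _s=$1
  _out=''
  while [ -n "$_s" ]; do
    _c=${_s%"${_s#?}"}      # first character of the remainder
    _s=${_s#?}              # drop it from the remainder
    if [ "$_c" = "'" ]; then
      _out="$_out'\\''"
    else
      _out="$_out$_c"
    fi
  done
  printf "'%s'" "$_out"
}

# Accept only absolute paths made of a conservative character set. Anything
# else (spaces, shell metacharacters, newlines, '..' segments) is refused, so
# the quoting above is a second layer rather than the only one.
check_remote_path() {
  case $1 in
    /*) ;;                          # must be absolute
    *) return 1 ;;
  esac
  case $1 in
    *[!A-Za-z0-9_./-]*) return 1 ;; # no metacharacters or whitespace
    *..*) return 1 ;;               # no parent-directory traversal
  esac
  return 0
}

# The fixed Checkfix command sequence with the quoted path spliced in.
# npm ci installs exactly what the lockfile pins, and --ignore-scripts keeps
# dependency install hooks from running on the remote host.
build_checkfix_cmd() {
  check_remote_path "$1" || return 1
  printf 'cd %s && npm ci --ignore-scripts && npm run lint && npm run build' \
    "$(sh_quote "$1")"
}

# Run the cycle on a remote host. BatchMode makes ssh fail instead of prompting
# when non-interactive authentication is not available.
run_checkfix_remote() {
  _cmd=$(build_checkfix_cmd "$2") || {
    printf 'refusing unsafe remote path: %s\n' "$2" >&2
    return 1
  }
  ssh -o BatchMode=yes "$1" "$_cmd"
}

# Sample invocation (connects to the host when run):
# run_checkfix_remote nas /srv/app
```

With this layout a path such as `/srv/app; rm -rf /` is rejected before any command string exists, and a path that passes the allow-list is still quoted, so a later relaxation of the allow-list (for example to permit spaces) does not reintroduce the injection.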
Audit Metadata