Gen Agent Trust Hub audit: skills/htlin222/dotfiles/debug

Skill: debug

Verdict: Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill provides templates that run arbitrary test runners (npm test, pytest, cargo test) and git commands (git log, git diff). An agent following the skill therefore executes commands on the host system; if its logic is hijacked (see PROMPT_INJECTION below), what it runs is not limited to those commands.
  • PROMPT_INJECTION (HIGH): Vulnerable to indirect prompt injection (Category 8).
    1. Ingestion points: the skill reads untrusted data from log files (app.log, /var/log/app.log), test outputs, and user-provided issue descriptions.
    2. Boundary markers: none are present to distinguish instructions from log data.
    3. Capability inventory: the skill uses subprocess calls (bash, grep, awk), file system reads, and SQL execution.
    4. Sanitization: no sanitization or filtering is performed on ingested content before processing.
    Together these allow a crafted log entry, test output line or issue description to hijack the agent's logic and drive the capabilities listed under 3.
  • DATA_EXFILTRATION (MEDIUM): Accesses sensitive system logs and git history, which may contain credentials or PII. No active exfiltration is hardcoded, but reading these paths and passing their content to the model is a data exposure risk in itself, and the PROMPT_INJECTION finding above gives an attacker a way to direct where that content goes.
Recommendations
  • AI detected serious security threats; the verdict is Fail, and the skill should not be installed as-is.
  • Wrap every ingested log line, test output and issue description in explicit boundary markers, and instruct the agent to treat the marked content strictly as data, never as instructions.
  • Filter ingested content before it reaches the model: flag or strip instruction-like text, and redact credential-looking tokens from logs and git history.
  • Restrict command execution to an explicit allowlist of the runner and git invocations the skill actually needs (npm test, pytest, cargo test, git log, git diff), and reject shell metacharacters in assembled command lines.
  • Avoid reading system-wide logs such as /var/log/app.log by default; scope reads to the project and require explicit user confirmation for sensitive paths.
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 03:20 AM