sc-troubleshoot
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is highly vulnerable to instructions embedded in the data it is designed to analyze (error logs and issue reports).
- Ingestion points: The
issueargument and the use of 'Read' for error log analysis as described inSKILL.md. - Boundary markers: No delimiters or isolation instructions are present to differentiate between the user's problem description and the agent's internal instructions.
- Capability inventory: The skill explicitly leverages Bash for runtime diagnostics and has the capability to 'Apply fixes' (file/system modification) as stated in
SKILL.md. - Sanitization: There is no evidence of sanitization, escaping, or validation of the external content before it is processed by the agent's logic or passed to shell tools.
- [Command Execution] (MEDIUM): The integration of 'Bash for runtime diagnostics' introduces a risk of arbitrary command execution if the agent is manipulated by malicious input found within the logs or issue descriptions it processes.
Recommendations
- AI detected serious security threats
Audit Metadata