bug-diagnosis
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes local development commands such as
npm test,git log, andgit bisect(referenced in SKILL.md) to verify code behavior and trace history. These commands are executed within the local environment as part of the primary debugging purpose. - [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface due to its core function of processing untrusted data. 1. Ingestion points: Processes user-provided error messages, stack traces, and code snippets (referenced in SKILL.md). 2. Boundary markers: No explicit delimiters or boundary instructions are used to isolate processed content from the agent's internal logic. 3. Capability inventory: The agent can read files, execute shell commands (git, npm), and propose code changes (referenced in SKILL.md). 4. Sanitization: No sanitization or validation of external input data is specified.
Audit Metadata