debugging
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The
SKILL.mdinstructions require the agent to execute a local shell script,collect-diagnostics.sh, to retrieve system and project state for debugging. - [COMMAND_EXECUTION]: The
collect-diagnostics.shscript executes several system utilities includinguname,df,free, andgitto compile a diagnostic report. It also runs version checks for multiple programming languages (e.g., Node.js, Python, Java) and package managers (e.g., npm, pip, cargo). - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) because it is designed to ingest and process untrusted data from error logs, stack traces, and system outputs.
- Ingestion points: The agent reads error messages and log files as specified in the 'Process' section of
SKILL.md. - Boundary markers: No specific delimiters or boundary markers are defined for the analysis of external logs.
- Capability inventory: The skill utilizes subprocess execution to run diagnostic scripts and interact with the file system.
- Sanitization: The skill does not implement explicit sanitization or filtering of error messages before they are processed by the agent.
Audit Metadata