debug
Audited by Socket on Mar 4, 2026
1 alert found:
Security

The 'debug' skill is a coherent, legitimate debugging framework that intentionally grants powerful diagnostic capabilities necessary for root-cause analysis. I found no explicit malicious code, obfuscated payloads, hardcoded C2 endpoints, or download-execute instructions in the provided content. The primary risk is operational: the skill centralizes access to sensitive sources (env, logs, DB) and allows actions (writing artifacts, running repro scripts, browser automation, restarting services) that create plausible data-exfiltration or service-impacting flows if misused or if the orchestration environment is compromised. Recommendations: require explicit, auditable approval before entering Delegated mode; sandbox and log all network-active diagnostic actions; enforce automatic redaction or secure handling of captured secrets; restrict server-observability access to non-production or scrubbed data when possible; and retain diagnostic artifacts with access controls and expiration policies. With those controls, the skill is appropriate for its purpose.