systematic-debugging
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill instructions require the agent to ingest and analyze untrusted external data from error messages and logs. This presents a surface for indirect prompt injection.
  - Ingestion points: Phase 1: Read Error Messages Carefully (SKILL.md).
  - Boundary markers: Absent; the agent is not instructed to ignore commands embedded within the logs it analyzes.
  - Capability inventory: Local file access, shell script execution via find-polluter.sh, and diagnostic command execution.
  - Sanitization: Absent.
- [COMMAND_EXECUTION] (LOW): The skill provides find-polluter.sh, a bash utility that automates the execution of local tests via npm test. This is a standard debugging tool but involves the execution of arbitrary local code.
- [DATA_EXFILTRATION] (SAFE): The skill provides best-practice diagnostic patterns (e.g., using bash parameter expansion ${VAR:+SET}) to verify the existence of environment secrets without printing their actual values to logs.
Audit Metadata