systematic-debugging
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- COMMAND_EXECUTION (LOW): The included shell script 'find-polluter.sh' executes local test files via 'npm test', which is a standard debugging practice but constitutes a vector for arbitrary local code execution.
- DATA_EXFILTRATION (LOW): Skill documentation contains diagnostic command examples such as 'env | grep IDENTITY' and 'security list-keychains' for identifying configuration issues; these patterns involve accessing potentially sensitive environment variables and credentials.
- PROMPT_INJECTION (SAFE): No malicious behavioral overrides or safety bypasses were detected. The skill uses instructional constraints like 'The Iron Law' to promote high-quality engineering outcomes.
- INDIRECT_PROMPT_INJECTION (LOW): The debugging process requires ingesting external data like error logs and stack traces. Given the skill's command-line capabilities, the absence of explicit boundary markers or sanitization for this data represents a low-level injection surface.