customerio-debug-bundle

Warn

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: MEDIUM (DATA_EXFILTRATION, COMMAND_EXECUTION)
Full Analysis
  • Data Exposure & Exfiltration (MEDIUM): The skill is specifically designed to aggregate application logs (customerio-debug.log) and API responses into a compressed bundle.
      • Evidence: The scripts collect userId and event data (attributes) which typically contain PII like email addresses, names, and phone numbers.
      • Mitigation: Although the skill uses sed to redact api_key patterns, it does not sanitize PII or other sensitive customer data before bundling.
  • Indirect Prompt Injection (LOW): The skill has an ingestion surface for untrusted data by reading application logs and API outputs.
      • Ingestion points: customerio-debug.log, api-test.json (File system reads).
      • Boundary markers: Absent (no explicit delimiters or warnings for downstream agents).
      • Capability inventory: Bash(curl:*), Read, Grep across multiple scripts.
      • Sanitization: Redaction is limited to API keys; payload content remains raw.
  • Command Execution (SAFE): The skill uses curl, npm, and pip for connectivity tests and environment discovery, which aligns with its primary diagnostic purpose.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 18, 2026, 09:19 PM