customerio-debug-bundle
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill generates and utilizes Bash scripts and TypeScript files to perform system diagnostics and API connectivity tests. These scripts use standard tools and SDKs to verify integration health.
- [DATA_EXFILTRATION]: The skill is designed to aggregate application logs and API response data into a debug bundle. It implements proactive security measures by redacting API keys from log and JSON files using stream editing patterns and masking environment variables in text reports.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it reads and processes application logs and external API responses.
- Ingestion points: The skill reads from local log files and saved API response JSON files during report generation.
- Boundary markers: No explicit delimiter markers are used when the agent processes the collected log data.
- Capability inventory: The skill utilizes file system access for logging, network access via curl and official SDKs, and shell execution for bundling.
- Sanitization: Includes automated redaction of sensitive credential strings before final bundling.
Audit Metadata