mistral-debug-bundle
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE)
Full Analysis
- [DATA_EXFILTRATION] (MEDIUM): The skill aggregates sensitive system information into a portable archive (.tar.gz). This includes OS details via `uname -a`, hostnames, directory contents, and files like `.env` and application logs. While intended for diagnostics, this creates a high-value target for data theft if the bundle is mishandled.
- [CREDENTIALS_UNSAFE] (MEDIUM): The redaction logic used for `.env` files (`sed 's/=.*/=***REDACTED***/'`) is a weak security control. It may fail to redact secrets in multi-line variables, nested structures, or files using different assignment syntaxes, leading to the accidental inclusion of plain-text credentials in the diagnostic bundle.
- [COMMAND_EXECUTION] (MEDIUM): The skill relies on multiple `Bash` executions for system discovery and file manipulation. This requires broad tool permissions (curl, tar, grep), which increases the potential impact if the agent is influenced by malicious local files during the collection process.
- [System Reconnaissance] (LOW): The script explicitly collects identifying system information including kernel versions (`uname -a`) and the system `hostname`, which provides an attacker with footprinting data about the internal environment.