debug-orchestrator
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data (logs, error messages, and reproduction steps) and passes this context to sub-agents without sanitization or boundary markers.
  - Ingestion points: The 'Evidence' section in SKILL.md and the 'Initial Issue Report' sections in the example files (e.g., examples/auth-flow-failure.md).
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the orchestration logic.
  - Capability inventory: The orchestrator can spawn multiple specialized agents (e.g., web-debugger, network-inspection, fastapi-expert) and suggests the use of system tools like git, curl, and pytest for verification.
  - Sanitization: There is no evidence of sanitization or filtering of user-provided content before it is processed by the agent or passed to sub-agents.
- [COMMAND_EXECUTION]: The skill facilitates the execution of system-level commands and the management of multiple tool-based agents.
  - Evidence: The 'Parallel Execution' section in SKILL.md details the use of a 'Task tool' with multiple invocations to launch debug agents. Furthermore, the examples demonstrate the orchestrator guiding the use of CLI tools like 'git revert', 'pytest', and 'curl' to resolve and verify issues.