root-cause-tracing

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill instructs the agent to execute shell commands such as npm test, git init, and a local script ./find-polluter.sh. If parameters such as directory paths or test patterns are derived from untrusted external data (e.g., a bug report), this enables command injection.
  • [REMOTE_CODE_EXECUTION] (HIGH): The methodology involves programmatically modifying source code with instrumentation and then executing it. This creates a high-risk surface for executing malicious logic embedded in the data being traced or processed by the agent.
  • [PROMPT_INJECTION] (HIGH): Vulnerable to indirect prompt injection (Category 8).
    1. Ingestion points: Error logs, stack traces, and source code files.
    2. Boundary markers: Absent; no delimiters separate untrusted data from instructions.
    3. Capability inventory: File system write access and subprocess execution.
    4. Sanitization: Absent; no validation or escaping of external content is mentioned.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:35 PM