silk-debug
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill configures allowed-tools with Bash(python:*) and Bash(.venv/bin/python:*). This grants the agent arbitrary Python execution capabilities rather than restricting it to specific scripts or hardened parameters, significantly increasing the risk of unauthorized code execution.
- [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection Risk (Category 8). The skill's primary function is to ingest and analyze Django Silk profiling data, which contains attacker-controlled strings such as URL paths, request headers, and SQL queries. If malicious instructions are embedded in these logs, the agent may execute them using its broad shell permissions.
  - Ingestion points: Django Silk profiling data (SQL, URLs, headers) accessed via scripts/silk_debug.py.
  - Boundary markers: Absent. The skill provides no instructions to the agent to treat profiling data as untrusted or to ignore embedded commands.
  - Capability inventory: Bash (arbitrary python execution), Read, Grep.
  - Sanitization: Absent/Unverifiable. There is no evidence that scripts/silk_debug.py or the skill's logic filters malicious payloads from the profiling output.
Recommendations
- AI detected serious security threats
Audit Metadata