error-diagnostics-smart-debug
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (HIGH): Indirect Prompt Injection surface via issue diagnostics.
  1. Ingestion points: The $ARGUMENTS variable is used in the Context and Workflow sections to ingest external issue data.
  2. Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands within the input data.
  3. Capability inventory: Significant capabilities include reading from sensitive external observability platforms (Sentry, Datadog, ELK, etc.), reading local documentation (implementation-playbook.md), and executing shell commands (Workflow Step 9: Run test suite).
  4. Sanitization: Absent; the skill does not filter or validate the contents of the processed issue reports.
- COMMAND_EXECUTION (MEDIUM): Workflow Step 9 ('Validation') requires the agent to 'Run test suite'. This represents a significant risk of executing malicious code if an attacker can influence the environment or the test scripts themselves through a poisoned diagnostic report.
Recommendations
- AI detected serious security threats