agent-tracing
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the local CLI tool
agent-tracingto perform trace inspection and debugging tasks. It uses the Bun runtime to run commands likeagent-tracing traceandagent-tracing inspectlocally. - [DATA_EXFILTRATION]: The skill accesses execution snapshots stored in the
.agent-tracing/directory. These files contain sensitive internal state includingsystemRole,userMemory,knowledge, and message history. This access is local and necessary for the tool's intended purpose as a debugger. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing and displaying historical execution data.
- Ingestion points: Reads execution snapshots from
.agent-tracing/*.jsonwhich contain arbitrary user inputs and assistant responses. - Boundary markers: No specific delimiters or instructions are used to distinguish trace content from the agent's operating instructions.
- Capability inventory: The skill allows the agent to execute CLI commands to retrieve and view the full content of any message or tool result in the history.
- Sanitization: There is no evidence of sanitization or filtering of historical content before it is presented to the agent.
Audit Metadata