debug-info-remapping
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run a shell command (
node scripts/index.mjs) using variables ($function_id,$pc_index) extracted from external stack traces provided by the user, creating a surface for potential command injection if parameters are not properly sanitized by the agent.- [COMMAND_EXECUTION]: The scriptscripts/index.mjsuses theimport()function to dynamically load a JSON file from a path provided as a command-line argument.- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted error data to drive its workflow and script execution. - Ingestion points: User-supplied runtime error messages and stack traces as defined in the Workflow section of
SKILL.md. - Boundary markers: None; the instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when handling user error logs.
- Capability inventory: Execution of local shell commands via the agent as described in the remapping workflow.
- Sanitization: Not present in the prompt instructions; while the target script parses numbers, the agent is not directed to sanitize or escape the strings before passing them to the shell.
Audit Metadata