lynx-debug-info-remapping
Warn
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The
SKILL.mdfile instructs the agent to construct and execute a shell command using arguments (function_id,pc_index, and file paths) derived directly from runtime error messages provided by the user. This creates a surface for command injection if the agent does not properly sanitize these inputs before execution. - [DYNAMIC_EXECUTION]: The script
scripts/index.mjsuses the dynamicimport()function with a file path provided as a command-line argument. While the use of thewith { type: 'json' }assertion limits the operation to JSON files, loading content from computed paths at runtime is a risk factor for unauthorized file access or path traversal. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8).
- Ingestion points: Runtime error messages and stack traces provided by the user in the chat or terminal output (analyzed in
SKILL.md). - Boundary markers: None identified; the skill directly processes the provided stack trace.
- Capability inventory: Execution of shell commands (
node) as defined in Step 3 of the workflow. - Sanitization: The instruction lacks explicit sanitization requirements for the agent when parsing the stack trace, although the underlying script does validate that numerical arguments are valid numbers.
- [DATA_EXFILTRATION]: The ability to specify arbitrary file paths to the remapping script could be abused to read the contents of any JSON file on the local filesystem that the agent has access to, potentially exposing sensitive project metadata.
Audit Metadata