magento-issue-debugger
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is susceptible to Indirect Prompt Injection (Category 8) because its core functionality involves reading and interpreting untrusted external data (logs) while having the capability to execute system commands.
  - Ingestion points: The agent is directed to gather and analyze Magento logs in var/log/, PHP error logs, and web server logs. These files often contain data directly influenced by external users (e.g., User-Agent strings, request parameters, or error messages triggered by malicious input).
  - Boundary markers: Absent. There are no instructions provided to the agent to treat the contents of these logs as non-executable data or to disregard instructions found within the logs.
  - Capability inventory: The skill explicitly authorizes the use of bin/magento commands, including deploy:mode:set, cache:clean, indexer:reindex, and setup:di:compile, which can alter system state.
  - Sanitization: Absent. There is no requirement or guidance for the agent to sanitize or filter log data before processing it.
- [COMMAND_EXECUTION] (LOW): The skill documentation includes several legitimate Magento CLI commands. While these are appropriate for the stated purpose of debugging, they provide the necessary primitives for an attacker to achieve system impact if an indirect prompt injection is successful.
Recommendations
- AI detected serious security threats
Audit Metadata