debug-council
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill contains explicit instructions to override standard safety protocols. The mandates in Step 1 and Step 2 ('Capture the Raw User Prompt', 'DO NOT modify', 'DO NOT add context', 'Raw user words only') ensure that any malicious payload embedded in the user input or processed data is delivered to sub-agents without being neutralized by the orchestrator's system prompt or filtering layers.
- COMMAND_EXECUTION (HIGH): The skill possesses a dangerous capability-to-trust ratio.
- Ingestion points: Untrusted data enters via the 'Raw User Prompt' (Step 1).
- Boundary markers: None. The skill explicitly forbids adding delimiters or context that could isolate the instruction from the data.
- Capability inventory: Sub-agents have 'Read, Grep, Glob, LS' tools, and the orchestrator has the capability to 'Implement the Winner' (Step 6), which involves writing code to the disk.
- Sanitization: None. The workflow is designed to avoid it for 'research alignment'.
- Risk: A majority of agents could be tricked by a 'poisoned' bug report into generating a malicious solution (e.g., a backdoor or data wiper), which the skill would then automatically commit to the codebase.
Recommendations
- AI detected serious security threats
Audit Metadata