debugger

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH | PROMPT_INJECTION | NO_CODE
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill creates a significant attack surface for indirect prompt injection.
      1. Ingestion points: The skill specifically instructs the agent to process 'full error message, stack trace, and context' and 'Read logs/errors carefully' (SKILL.md).
      2. Boundary markers: None are defined to delimit untrusted log data from agent instructions.
      3. Capability inventory: The instructions direct the agent to 'Implement the minimal code change', 'Apply the fix', and 'run tests' (SKILL.md), which require file-write and command-execution privileges.
      4. Sanitization: There is no requirement or instruction to sanitize or validate the content of the logs/errors.
    Risk: Malicious instructions embedded in a log file could trick the agent into performing unauthorized system modifications during the 'Fix' or 'Verify' phases.
  • [No Executable Code] (INFO): The skill consists solely of a markdown configuration file with no associated executable scripts or package manifests.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 12:23 AM