skills/minleev5/automated-instrumented-debugging-skill/automated-instrumented-debugging/Gen Agent Trust Hub
automated-instrumented-debugging
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- Data Exposure & Exfiltration (HIGH): The debug server (debug-server.js) binds to 0.0.0.0 (all network interfaces) by default and lacks authentication. This behavior exposes captured execution data—including function arguments, local variable states, and error stacks—to any device on the local area network (LAN).
- Data Exposure & Exfiltration (MEDIUM): The server implements permissive CORS headers (Access-Control-Allow-Origin: '*') which allows any website visited by the user to programmatically access the captured debug logs from the local server.
- Indirect Prompt Injection (LOW): The skill creates an ingestion surface for untrusted data by reading execution logs back into the agent's context. 1. Ingestion points: Log data retrieved by the agent via the /logs/:session endpoint. 2. Boundary markers: Instrumentation templates use #region DEBUG blocks. 3. Capability inventory: The skill can run shell commands and modify file content. 4. Sanitization: No sanitization is performed on the captured execution state before it is processed by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata