llm-debugger
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill possesses a high-severity attack surface for Indirect Prompt Injection because it ingests untrusted data and uses it to influence downstream execution and logic generation.\n
- Ingestion points: The
debug_llm_outputandgenerate_test_casesfunctions ingestfailed_inputandfailed_output. Thefailed_outputis typically generated by an LLM and may contain attacker-controlled instructions or malicious payloads designed to subvert the debugging process.\n - Boundary markers: Absent. There are no delimiters (e.g., XML tags or triple quotes with clear instructions) to separate the untrusted data from the debugger's logic or to warn the agent to ignore instructions embedded within that data.\n
- Capability inventory: The skill has the capability to execute new LLM requests (
llm(fixed_prompt)) and generate functional test cases (usinglambdavalidation logic). If thefixed_promptor test case logic is poisoned, the agent will execute the attacker's instructions.\n - Sanitization: No sanitization, escaping, or validation is performed on the
failed_outputbefore it is processed by the diagnosis logic or interpolated into new prompts.
Recommendations
- AI detected serious security threats
Audit Metadata