debugging
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes the `Bash` tool to execute system commands for debugging purposes (e.g., `tail`, `grep`, `node --inspect`). These are standard operations for the stated purpose of troubleshooting.
- [DATA_EXFILTRATION] (LOW): The skill directs the agent to read application logs (e.g., `/var/log/app.log`) and use Chrome DevTools to inspect network traffic. These sources often contain sensitive information such as PII, session tokens, or internal system details. While no exfiltration logic (e.g., `curl` to an external domain) is present, the access to sensitive data via standard debugging tools carries a minor exposure risk.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8):
  - Ingestion points: Application logs and browser console/network data via Chrome DevTools (SKILL.md).
  - Boundary markers: Absent; the instructions do not include delimiters or warnings to ignore instructions found within processed data.
  - Capability inventory: The `Bash` tool provides a powerful capability for arbitrary command execution if the agent is manipulated by injected data.
  - Sanitization: Absent; there is no mention of escaping or validating content read from external logs or web pages.
  - Risk: An attacker could inject malicious commands into a log file or a web page that the agent might inadvertently execute while performing debugging tasks.
Audit Metadata