debugging
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is susceptible to indirect prompt injection because it processes untrusted data (errors, logs, bug reports) and has the Bash tool capability enabled.
  * Ingestion points: Error messages and logs gathered during Phase 1 (Investigate) and via triggers.
  * Boundary markers: Absent.
  * Capability inventory: The skill explicitly uses the Bash tool to reproduce bugs and verify fixes.
  * Sanitization: Absent.
- [COMMAND_EXECUTION] (MEDIUM): The bash script provided in references/root-cause-tracing.md performs shell interpolation of the '$1' variable without validation, which could lead to command injection if the agent populates this parameter from untrusted input.
Recommendations
- AI detected serious security threats