debug
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- DATA_EXFILTRATION (MEDIUM): The reproduction workflow in
workflows/reproduce-issue.mdexplicitly instructs the use of./scripts/push-env.shto 'Sync environment variables'. Since environment variables are the standard location for API keys, database credentials, and session tokens, this operation presents a significant risk of credential exposure or exfiltration if the destination is not trusted or secure.\n- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection (Category 8) because it ingests untrusted external data.\n - Ingestion points: User-provided logs in
templates/bug-report.template.mdand error messages referenced inSKILL.md.\n - Boundary markers: Absent; logs are placed in standard markdown code blocks without delimiters or instructions for the agent to ignore embedded commands.\n
- Capability inventory: The skill executes local shell scripts (
log-skill.sh,push-env.sh) and environment-altering commands (npm run test).\n - Sanitization: No evidence of sanitization, filtering, or validation of log content is present.\n- COMMAND_EXECUTION (LOW): The skill executes local scripts via the shell, such as
./scripts/log-skill.shin the instrumentation section ofSKILL.md. While used for telemetry, the execution of unprovided local scripts should be reviewed for command injection vulnerabilities if they process the passed arguments (like 'debug' or the PID) unsafely.
Audit Metadata