Systematic Debugging
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill's 'Phase 1: Root Cause Investigation' (Step 4) explicitly instructs the agent to run bash commands for diagnostic instrumentation. Examples include `env | grep IDENTITY`, `security list-keychains`, and `codesign`. These commands interact directly with the host system's configuration and security tools.
- DATA_EXFILTRATION (MEDIUM): Several diagnostic commands in `SKILL.md` are designed to print potentially sensitive information to standard output for logging purposes. Specifically, `env | grep IDENTITY` targets environment variables (often used for API keys or tokens), and `security find-identity -v` accesses macOS keychain information. This poses a high risk of credential exposure if logs are accessible to an attacker.
- PROMPT_INJECTION (LOW): The skill utilizes high-pressure, absolute language such as 'The Iron Law', 'You MUST', and 'Violating... is violating the spirit'. This pattern is used to override general agent behavior and safety heuristics in favor of a specific, unbreakable procedural loop.
- INDIRECT PROMPT INJECTION (LOW): The skill is designed to ingest untrusted data from external sources such as 'Error Messages', 'Logs', and 'Git diffs'.
  - Ingestion points: System logs, error stack traces, and code diffs are parsed for investigation.
  - Boundary markers: No explicit markers are used to isolate ingested data from instructions.
  - Capability inventory: The skill possesses the capability to execute shell commands and read local files.
  - Sanitization: There is no evidence of sanitization for external data before it is processed or potentially interpolated into diagnostic commands.