smart-debug
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection through its core debugging workflow. It explicitly instructs the agent to read and analyze application logs (e.g., in `.claude/context/tmp/`) and observability data from external platforms. These sources are considered untrusted data that may contain malicious instructions if the application under debug handles attacker-controlled input.
  - Ingestion points: The agent reads session logs (e.g., `cat .claude/context/tmp/debug-a3f7c2.log`) and interacts with external APM/Error tracking tools (e.g., Sentry, DataDog).
  - Boundary markers: There are no delimiters or 'ignore embedded instructions' warnings present when reading log files.
  - Capability inventory: The skill utilizes the `Bash`, `Write`, and `Edit` tools, allowing it to execute arbitrary commands and modify the project codebase.
  - Sanitization: No sanitization or validation of the log content is performed before the agent processes it to confirm hypotheses.
- [COMMAND_EXECUTION]: The skill makes extensive use of shell tools and file manipulation to perform instrumentation and reproduction. It executes commands such as `pnpm test`, `pnpm trace:query`, and `rm`. While these are legitimate actions for a debugging tool, they require the agent to operate with significant autonomy and authority over the local environment.
Audit Metadata