smart-debug
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill uses instructional reinforcement (e.g., 'Iron Law') to ensure the agent follows a systematic debugging workflow. No patterns designed to bypass safety filters or ignore system instructions were detected. The skill processes user-provided issue descriptions ($ARGUMENTS) and reads local logs, which represents a surface for indirect prompt injection, though the risk is minimized by the agent's reasoned methodology and mandatory hypothesis-generation gate.
  - Ingestion points: $ARGUMENTS in SKILL.md; .claude/context/tmp/debug-*.log read via Read tool.
  - Boundary markers: None explicitly defined for user-provided issue descriptions.
  - Capability inventory: Bash, Write, Edit, Read, Task tools; capability to execute development commands and modify source code.
  - Sanitization: No explicit sanitization or escaping of input data is defined.
- [COMMAND_EXECUTION]: The skill documentation includes the use of the Bash tool to execute legitimate local development commands such as 'pnpm test' and 'pnpm trace:query'. These commands are used for verification and debugging within the local environment and do not involve suspicious command patterns.
- [DATA_EXFILTRATION]: The skill manages debugging logs within the local project directory ('.claude/context/tmp/'). There are no attempts to access sensitive system files or exfiltrate data to external locations.
- [SAFE]: The Node.js scripts and hooks provided are utility-focused and perform benign tasks like project root identification and basic result validation without any dangerous operations.