debugging-expert
Pass
Audited by Gen Agent Trust Hub on Feb 13, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to ingest and analyze untrusted external data (logs, stack traces, and user reports) in Step 1. The instructions do not define boundary markers or sanitization procedures to isolate this untrusted content from the agent's instructions, which could allow maliciously crafted log entries to influence the agent's reasoning process.\n
- Ingestion points: SKILL.md Step 1 (Gather symptoms: error messages, logs, stack traces, user reports).\n
- Boundary markers: Absent; no delimiters are specified to separate untrusted inputs from the system prompt.\n
- Capability inventory: File system write access (claudedocs/) and memory persistence (memoryStore.update).\n
- Sanitization: Absent; the workflow does not include validation or escaping of external data.
Audit Metadata