stack-debug
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill presents a high risk of indirect prompt injection as its primary purpose is to read and analyze external source code and logs.
  - Ingestion points: Uses `Bash(rg *)`, `Read`, and `Glob` to ingest untrusted file content from the workspace during debugging sessions.
  - Boundary markers: Absent. There are no instructions to the agent to distinguish between its own logic and instructions found within files it is troubleshooting.
  - Capability inventory: Granted `Bash(bun *)`, which allows for arbitrary JavaScript/TypeScript execution, package installation, and network requests.
  - Sanitization: Absent. Data read from files is likely interpolated directly into the agent's reasoning process.
- [COMMAND_EXECUTION] (HIGH): The inclusion of `Bash(bun *)` in `allowed-tools` provides a powerful execution environment. If an attacker can influence the debugging process through malicious code comments or specially crafted log files, the agent could be tricked into running malicious `bun` commands.
- [EXTERNAL_DOWNLOADS] (MEDIUM): While not explicitly downloading remote scripts via URL, the use of `bun` as a tool allows for `bun install` or `bun add`, which fetches third-party packages from external registries. This could be exploited for dependency confusion or to pull in malicious runtime dependencies during a "debug" session.
Recommendations
- AI detected serious security threats