systematic-debugging
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [Command Execution] (LOW): The
find-polluter.shscript executes arbitrary local test files usingnpm test. While this is standard for a debugging utility, it allows for the execution of code within the environment. - [Indirect Prompt Injection] (LOW): The skill instructs the agent to ingest and analyze external data like error messages, stack traces, and logs. This creates a surface for indirect prompt injection if the ingested data contains instructions designed to manipulate the agent's logic.
- Ingestion points: SKILL.md Phase 1 (Error messages, stack traces), Phase 4 (Test results).
- Boundary markers: Absent. The skill does not define specific delimiters for separating user data from system instructions.
- Capability inventory: Local command execution (
npm test,security,codesign) as described infind-polluter.shandSKILL.mdexamples. - Sanitization: Absent. The skill does not suggest sanitizing or escaping content from logs or error messages before processing.
- [Data Exposure] (SAFE): The provided code examples in
SKILL.mddemonstrate best practices for checking the existence of secrets (e.g., using${IDENTITY:+SET}) without revealing the actual secret values.
Audit Metadata