paddle-debug
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) as it directs the agent to ingest and analyze external data like error logs, stack traces, and code from the PaddlePaddle repository.
- Ingestion points: File reads of logs and code within the repository.
- Boundary markers: Absent; instructions do not specify delimiters for untrusted content.
- Capability inventory: Python script execution, file system writes to '.paddle-agent/', and usage of search tools like ast-grep.
- Sanitization: Absent; the agent is not instructed to sanitize or escape data extracted from logs.
- COMMAND_EXECUTION (LOW): The skill instructs the agent to execute Python scripts (e.g., 'python reproduce_xxx.py') and use tools like 'ast-grep' and 'git bisect'. These are standard debugging practices and are performed within the local environment context without requested privilege escalation.
Audit Metadata