zero-script-qa

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by instructing the agent to monitor and act upon real-time logs.
  • Ingestion points: The agent is configured to ingest and analyze the live output from 'docker compose logs -f'.
  • Boundary markers: There are no defined delimiters or instructions to help the agent distinguish between legitimate log system messages and untrusted data payloads injected by external users into those logs.
  • Capability inventory: The agent is empowered to interpret log data to identify root causes, document issues, and suggest immediate code fixes, meaning malicious log content could influence the agent's reporting and debugging decisions.
  • Sanitization: The methodology does not include steps to sanitize or filter user-controlled data before it is written to logs and subsequently processed by the agent.
  • [DATA_EXFILTRATION]: The skill's logging templates (e.g., in user_service.py) explicitly suggest capturing PII such as email addresses in structured JSON logs. While intended for debugging, this practice increases the risk of sensitive data exposure within the local environment and log-sharing sessions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 8, 2026, 04:59 PM