Skills
skills/pzep1/claudecode-debug-mode/runtime-debugging/Gen Agent Trust Hub

runtime-debugging

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a bundled script via node located at ${CLAUDE_PLUGIN_ROOT}/scripts/debug-server.js to collect runtime telemetry.
  • [COMMAND_EXECUTION]: Uses pkill and rm for environment cleanup after debugging sessions.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by reading application runtime logs which could contain untrusted data.
  • Ingestion points: The agent reads captured telemetry from .claude-debug/debug.log in SKILL.md Step 4.
  • Boundary markers: No delimiters or warnings are used when reading the log content into the context.
  • Capability inventory: The skill has access to Bash, Write, Edit, and Read tools, allowing it to modify code based on the log contents.
  • Sanitization: No sanitization or validation of the log content is performed before analysis.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 1, 2026, 07:09 AM