debugging
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Potential for indirect prompt injection via codebase data.
- Ingestion points: The skill reads CLAUDE.md, source code, error logs, and git history to provide context to subagents (SKILL.md, investigator-prompt.md).
- Boundary markers: Uses Markdown headers to structure prompts, which provides some separation but does not fully mitigate the risk of instructions embedded in data.
- Capability inventory: Subagents are granted capabilities to read/write files and execute tests via the crucible:test-driven-development and Agent tools.
- Sanitization: The skill lacks explicit sanitization or filtering of codebase content before it is passed to LLM subagents.
- [COMMAND_EXECUTION]: The skill intentionally executes commands for debugging purposes.
- Evidence: The workflow involves running tests, checking git diffs, and potentially executing reproduction scripts via the Reproduction and Implementation subagents.
Audit Metadata