django-debug
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill instructs the agent to read project details from .agents/django-project-context.md, which could be used as an ingestion point for malicious instructions.
- Ingestion points: .agents/django-project-context.md.
- Boundary markers: No delimiters or warnings to ignore embedded instructions are used.
- Capability inventory: Subprocess execution via pip and manage.py, and direct database interaction through the management shell (SKILL.md).
- Sanitization: No sanitization or validation of the ingested context file content is performed.
- [COMMAND_EXECUTION]: The instructions suggest several shell commands for installing packages and diagnosing errors, such as pip install and python manage.py check, which allow for the execution of arbitrary code within the developer environment. It also suggests commands like print(settings.DATABASES) that expose database credentials to the agent's output context.
- [EXTERNAL_DOWNLOADS]: The skill recommends installing standard, well-known Python packages like django-debug-toolbar, django-extensions, and sentry-sdk from public registries.
Audit Metadata