debugging-toolkit-smart-debug
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection through the processing of untrusted data in the `$ARGUMENTS` variable.
  - Ingestion points: The "Context" section parses `$ARGUMENTS` for highly variable and attacker-controllable data like error messages, stack traces, and environment descriptions.
  - Boundary markers: The instructions lack delimiters or explicit warnings to the agent to ignore instructions embedded within the processed logs or error reports.
  - Capability inventory: The skill uses a subagent (subagent_type="debugger") and describes procedures for querying multiple external observability platforms (Sentry, DataDog, ELK), creating a surface where injected instructions could trigger unauthorized data queries or tool executions.
  - Sanitization: No sanitization or validation logic is defined to strip potentially malicious control sequences from the input data.
- DATA_EXPOSURE (SAFE): The skill outlines procedures for accessing sensitive production data (logs, metrics, and traces). While it does not contain hardcoded credentials or exfiltration logic, the guidance encourages the agent to interact with sensitive data environments, which relies on external permission controls.