diagnose
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted data from error logs, stack traces, and simulator screenshots which are interpolated into subagent prompts.
- Ingestion points: Error text extraction from simulator screens, user-pasted build logs, and stack trace JSON ingestion in the symbolicate workflow.
- Boundary markers: The skill uses simple text labels (e.g., 'ERROR:', 'BUILD LOG:') but lacks robust delimiters or instructions to ignore embedded commands within the processed data.
- Capability inventory: The skill has access to Bash, Read, Grep, and Glob tools for system interaction and file access.
- Sanitization: No explicit sanitization or validation of the error content or log data is performed before processing.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute local diagnostic scripts such as metro.sh and capture.sh to check environment health and simulator state. A potential injection vector exists where user-provided stack trace JSON is piped directly into a shell command for symbolication.
Audit Metadata