debug
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, CREDENTIALS_UNSAFE)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill invokes several local scripts, including ./scripts/log-skill.sh and ./scripts/push-env.sh. The execution of unverified local scripts allows for arbitrary command execution within the agent's environment.
- [DATA_EXFILTRATION / CREDENTIALS_UNSAFE] (HIGH): The workflow explicitly references ./scripts/push-env.sh for 'Syncing environment variables'. Environment variables frequently contain sensitive API keys, tokens, and database credentials. Without verification of the script's destination, this represents a high risk of credential theft or data exfiltration.
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8).
  - Ingestion points: Untrusted data enters via 'Logs / Errors' in templates/bug-report.template.md and external error messages processed in workflows/reproduce-issue.md.
  - Boundary markers: None identified. There are no instructions to ignore embedded commands within logs.
  - Capability inventory: The skill can execute ./scripts/push-env.sh and npm run test, and create new scripts in scripts/repro/.
  - Sanitization: None. The agent is encouraged to directly use logs and error messages to drive its debugging behavior, which could be exploited by an attacker-controlled error message to trigger unintended tool calls.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The workflows/reproduce-issue.md file instructs the agent to create and run new scripts in scripts/repro/. This pattern of dynamic code generation and execution is a common vector for exploitation if the logic used to generate the script is influenced by malicious external input (e.g., a crafted bug report).
Recommendations
- AI detected serious security threats