debugging
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (HIGH): The skill is designed to execute arbitrary code within the target project's environment using `npm test`. If an agent uses this skill on a malicious or compromised repository, it will execute untrusted code without any sandbox or safety constraints.
- Indirect Prompt Injection (HIGH): This skill provides a significant attack surface for indirect prompt injection, as it requires the agent to deeply analyze and act upon untrusted external data (source code, logs, and error messages).
  - Ingestion points: Filenames processed by `scripts/find-polluter.sh`, and the source code and error logs analyzed in `references/systematic-debugging.md`.
  - Boundary markers: Absent. There are no instructions for the agent to use delimiters or to ignore instructions embedded within the code it is debugging.
  - Capability inventory: High-privilege capabilities, including the ability to execute shell scripts and to run package-manager-level test commands (`npm test`).
  - Sanitization: Absent. There is no evidence of sanitization, validation, or escaping of the external content before it is processed or executed.
- Dynamic Execution (MEDIUM): The `scripts/find-polluter.sh` script employs unsafe shell practices. Specifically, the loop `for TEST_FILE in $TEST_FILES` relies on unquoted variable expansion of output from the `find` command. The shell therefore word-splits that output on whitespace and glob-expands every resulting word: a filename containing spaces is split into several arguments, a filename containing glob metacharacters (`*`, `?`, `[`) is re-expanded against the working tree, and a filename beginning with `-` can be read as an option by whatever command receives it. Unquoted expansion by itself does not let a filename inject a new shell command, but depending on what the script does with the resulting tokens it allows argument injection against the commands the script invokes, so a repository with crafted filenames can steer the script's behaviour.
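The unquoted loop described above, beside a hardened version, as an added example; it is not code from the audited skill's `scripts/find-polluter.sh`, whose full contents are not shown here. It assumes bash (it uses process substitution), builds a throwaway directory of four legal but hostile test filenames, and uses a hypothetical `run_one` helper in place of whatever the real script does with each file.

```shell
#!/usr/bin/env bash
# Added example, not code from the audited skill. Requires bash.

# Constructed fixture: four legal filenames that break a naive shell loop.
make_fixture() {
  local dir
  dir="$(mktemp -d)"
  mkdir -p "$dir/tests"
  : > "$dir/tests/a.test.js"
  : > "$dir/tests/with space.test.js"   # word-splits into two tokens
  : > "$dir/tests/*.test.js"            # re-globbed against the directory
  : > "$dir/tests/-n.test.js"           # parsed as an option by many consumers
  printf '%s' "$dir"
}

# Unsafe: the pattern described for scripts/find-polluter.sh. $TEST_FILES is
# expanded unquoted, so the shell splits the find output on whitespace and then
# glob-expands every resulting word. Prints the number of loop iterations.
count_unsafe() {
  local TEST_FILES n=0
  TEST_FILES=$(find "$1/tests" -name '*.test.js')
  for TEST_FILE in $TEST_FILES; do
    n=$((n + 1))
  done
  echo "$n"
}

# Hardened: NUL-delimited find output cannot be split or globbed, `read -r -d ''`
# consumes each path byte-for-byte, and the consumer is given `--` so a leading
# '-' is treated as a filename rather than a flag. Prints the iteration count.
count_safe() {
  local n=0
  while IFS= read -r -d '' TEST_FILE; do
    n=$((n + 1))
    run_one -- "$TEST_FILE"
  done < <(find "$1/tests" -name '*.test.js' -print0)
  echo "$n"
}

# Hypothetical stand-in for the per-file action of the real script: it just
# checks that the path it was handed is an existing regular file.
run_one() {
  [ "$1" = "--" ] && shift
  [ -f "$1" ]
}

main() {
  local dir
  dir="$(make_fixture)"
  echo "files on disk:     $(ls "$dir/tests" | wc -l)"
  echo "unsafe iterations: $(count_unsafe "$dir")"   # 8: 4 files become 8 tokens
  echo "safe iterations:   $(count_safe "$dir")"     # 4
  rm -rf "$dir"
}
main "$@"
```

With the fixture in place the unsafe loop runs eight times over four files: `with space.test.js` contributes two tokens and the literal `*.test.js` entry is re-expanded into every matching file in the directory. ShellCheck reports the original construct as SC2044 (for loops over `find` output are fragile); the `find -print0 | while IFS= read -r -d ''` form, or `find -exec`, is the standard replacement.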
Recommendations
- AI detected serious security threats
Audit Metadata