Skills
skills/shotaiuchi/dotclaude/team-debug/Gen Agent Trust Hub

team-debug

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes git (diff, show) and the GitHub CLI (gh pr, gh issue) to gather context from the local repository and remote GitHub issues/pull requests. These commands are necessary for its stated purpose of bug analysis.- [EXTERNAL_DOWNLOADS]: The skill fetches metadata and content from GitHub via the gh tool. GitHub is a well-known and trusted service for software development.- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection (Category 8) as it processes data from external sources (issue bodies, PR comments, and code files).
  • Ingestion points: Data is ingested through gh pr view, gh issue view, and filesystem reads using Glob + Read patterns.
  • Boundary markers: No specific delimiters or "ignore instructions" warnings are defined to separate untrusted data from the agent's instructions.
  • Capability inventory: The lead agent spawns several general-purpose subagents. These subagents typically have broad tool access within the agent's environment.
  • Sanitization: There is no evidence of sanitization, filtering, or validation of the ingested external content before it is processed by the model or subagents.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 28, 2026, 11:34 PM