distributed-debugging-debug-trace
Fail
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONCREDENTIALS_UNSAFE
Full Analysis
- [REMOTE_CODE_EXECUTION]: The
RemoteDebugServerclass inresources/implementation-playbook.mdimplements a WebSocket handler that accepts anevaluatecommand. This command passes arbitrary input directly toinspector.Session().post('Runtime.evaluate', ...)withincludeCommandLineAPI: true, enabling remote attackers to execute arbitrary JavaScript within the process. - [COMMAND_EXECUTION]: The provided Dockerfile configuration in
resources/implementation-playbook.mdexposes the Node.js debugger on all network interfaces (--inspect=0.0.0.0:9229) and installs low-level system tools (tcpdump,strace,gdb) which can be leveraged for advanced exploitation if the container is compromised. - [DATA_EXFILTRATION]: The
TracingSystemimplementation inresources/implementation-playbook.mduses OpenTelemetry hooks to capture full HTTP request bodies (span.setAttribute('http.request.body', JSON.stringify(request.body))). This pattern frequently leads to the leakage of PII, passwords, and session tokens into distributed tracing backends like Jaeger. - [CREDENTIALS_UNSAFE]: The
ProductionDebuggerclass implements a backdoor mechanism that enables debugging features based on a static header token (x-debug-token). This represents a significant security risk if the token is leaked or if the IP-based whitelist is misconfigured.
Recommendations
- AI detected serious security threats
Audit Metadata