systematic-debugging
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [Data Exposure] (LOW): The skill provides code examples in Phase 1 for diagnostic purposes that involve inspecting environment variables (
env | grep IDENTITY) and macOS keychain information (security list-keychains). While intended for local troubleshooting, an agent following these steps literally may expose sensitive secrets or identity markers in command outputs or logs. No automated exfiltration mechanism is present. - [Indirect Prompt Injection] (LOW): The skill is designed to ingest and analyze untrusted data such as error messages, stack traces, and build logs. This creates a surface where malicious instructions could be embedded in the output of a failing system to influence the agent's behavior.
- Ingestion points: Error messages, stack traces, logs, git diffs, and environment variables.
- Boundary markers: Absent; the instructions advise reading errors 'carefully' but do not include delimiters or instructions to ignore embedded commands.
- Capability inventory: Shell command execution for diagnostics (security, env, codesign) and file reading.
- Sanitization: None documented.
Audit Metadata