systematic-debugging
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [Data Exposure] (LOW): The skill provides instructional examples for debugging that involve inspecting environment variables (
env | grep IDENTITY) and macOS keychain metadata (security list-keychains,security find-identity -v). While these are standard debugging steps for build/signing issues, they represent a risk of exposing credentials or signing identities to the AI's context or logs. - [Indirect Prompt Injection] (LOW): The skill is designed to process untrusted external data such as error messages, stack traces, and Git diffs.
- Ingestion points: Error messages, stack traces, and component logs (Phase 1).
- Boundary markers: None present; the skill treats error data as authoritative for debugging.
- Capability inventory: The skill instructions suggest executing diagnostic shell commands and build tools.
- Sanitization: None; the AI is encouraged to read and act upon raw error content.
- [Command Execution] (SAFE): The skill includes shell command examples for diagnostic purposes (
codesign,grep,env). These are contextually appropriate for a debugging tool and do not involve remote code execution or obfuscation.
Audit Metadata