debug-logs

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
  • [Indirect Prompt Injection] (MEDIUM): The skill implements a meta-instruction pattern where Step 1 explicitly commands the agent to load and follow instructions from an external file: {{cookiecutter.primary_pipeline_name}}/.claude/skills/debug-logs/SKILL.md.
      • Ingestion points: The agent is directed to use a Read tool on a project-relative path (SKILL.md).
      • Boundary markers: None present. The agent is explicitly told 'Do not proceed until you have read the complete guide' and 'Follow the guide', which forces the agent to adopt instructions from an external source as its primary logic.
      • Capability inventory: The skill is designed to 'Provide correct log viewing commands', perform 'Environment diagnostics', and 'Network troubleshooting'. These are high-privilege activities that could be weaponized if the external guide is malicious.
      • Sanitization: None. The agent treats the content of the external file as authoritative instructions without validation.
  • [Dynamic Execution] (MEDIUM): The workflow relies on loading instructions at runtime from a path containing a template variable. This delegates control of the agent's behavior to the file system, which can be manipulated in shared environments or via malicious contributions to the codebase.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 08:02 AM