troubleshoot
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Category: PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill delegates its core logic to an external file loaded at runtime via the 'Read tool' at Step 1. This file, located at '{{cookiecutter.primary_pipeline_name}}/.claude/skills/troubleshoot/SKILL.md', could be controlled by an attacker to override agent behavior.
- Ingestion points: The skill explicitly loads content from a dynamic file path into the agent's context.
- Boundary markers: There are no delimiters or instructions to treat the loaded content as untrusted; the agent is instead commanded to 'Follow the Guide' and 'Use the detailed instructions' in Step 3.
- Capability inventory: The skill description and Step 3 indicate the agent will provide 'diagnostic commands' and solve 'Docker/container issues' and 'environment configuration problems', implying a high-privilege execution environment.
- Sanitization: No sanitization or validation of the loaded file's content is performed before the agent treats it as a source of truth for instructions.
Recommendations
- AI detected serious security threats