debug-prod
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses system utilities such as grep, git, cat, and tee to process logs and analyze system state. It also includes instructions for starting services with instrumentation to facilitate debugging. These operations are limited to standard diagnostic tasks and are consistent with the skill's primary purpose.\n- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing external data from log files and system metrics. Mandatory evidence chain:\n
- Ingestion points: Log files identified by placeholders like and , distributed traces, and incident descriptions provided via user input.\n
- Boundary markers: No explicit boundary markers or delimiters are used to isolate untrusted log content from the agent's instructions.\n
- Capability inventory: Includes shell command execution (grep, git, cat), file system writes to /tmp/ and .claude/incidents/, and the ability to restart or modify service execution via shell commands.\n
- Sanitization: No explicit sanitization, filtering, or validation is performed on the ingested log data before it is presented to the agent.
Audit Metadata