diagnostic-issue-resolver
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform administrative tasks, including process management (
pkill -x afplay,pgrep -la), file manipulation (rm -f /tmp/kokoro-tts.lock,stat), and starting the bot service using thebunruntime. These operations are essential for the skill's stated diagnostic and remediation purpose. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) as it reads and analyzes audit logs (
~/.local/share/tts-telegram-sync/logs/audit/*.ndjson) and application logs (/private/tmp/telegram-bot.log) which likely contain data originating from untrusted external sources, such as Telegram user messages. The skill lacks explicit sanitization or boundary markers when interpolating this log data into the agent's context. - [EXTERNAL_DOWNLOADS]: The skill performs connectivity checks to the well-known Telegram API service (
api.telegram.org) and manages machine learning model downloads from Hugging Face (~/.cache/huggingface/). These references are consistent with the intended functionality and target well-known, trusted technology platforms.
Audit Metadata