diagnostic-issue-resolver

Warn

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | DATA_EXFILTRATION | PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill includes a 'Post-Execution Reflection' section that instructs the agent to autonomously modify its own 'SKILL.md' file. This self-modification mechanism allows the agent to change its instructions based on usage, which could be exploited to persist malicious instructions if the agent is compromised during a session.
  • [DATA_EXFILTRATION]: Indirect Prompt Injection Surface. The skill reads external data that could be influenced by untrusted users, specifically Telegram bot logs and audit logs.
      • Ingestion points: Reads log files using tail and grep in SKILL.md and references/common-issues.md.
      • Boundary markers: None identified. Instructions do not warn against following commands found in logs.
      • Capability inventory: The skill has access to Bash and can execute system commands like pkill, rm, and run local scripts or binaries (bun, python).
      • Sanitization: No sanitization or escaping is performed on the log content before processing.
  • [COMMAND_EXECUTION]: The skill relies heavily on the Bash tool to perform system diagnostics, process management (pgrep, pkill), and execution of local maintenance scripts (kokoro-install.sh). While this is aligned with the troubleshooting purpose, it provides a broad surface for command execution.
  • [DATA_EXPOSURE]: The skill accesses several sensitive local paths, including bot source code, environment configurations (mise.toml), and detailed audit logs in ~/.claude/automation/ and ~/.local/. This exposes internal system details and potentially user data to the agent context.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 4, 2026, 09:51 AM