dbg
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The `dbg launch` command documented in SKILL.md and references/commands.md allows the agent to execute arbitrary shell commands to start debugging sessions. This capability provides a direct path for the agent to run any executable on the host system.
- [REMOTE_CODE_EXECUTION]: Through the `dbg eval` and `dbg hotpatch` commands (detailed in references/commands.md), the agent can execute arbitrary code within a running process or modify its source code at runtime. These features represent significant execution capabilities within the target environment.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection (Category 8) as it lacks safeguards when processing untrusted runtime data.
  - Ingestion points: The agent retrieves data from external processes via `dbg state`, `dbg vars`, `dbg props`, `dbg eval`, and `dbg console` (found in references/commands.md).
  - Boundary markers: The documentation does not provide delimiters or warnings to treat debugged data as untrusted, which may lead the agent to interpret data as instructions.
  - Capability inventory: The skill enables high-impact actions such as `dbg launch` (subprocess spawning), `dbg eval` (dynamic code execution), and `dbg hotpatch` (file-system modification), as listed in SKILL.md.
  - Sanitization: There is no evidence of output sanitization or filtering to prevent malicious payloads in the debugged data from influencing the agent's behavior.
Audit Metadata