investigate
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified. The skill's behavior is consistent with its stated purpose as a technical investigation tool.
- [COMMAND_EXECUTION]: The skill executes system commands via bash to reproduce issues, check dependencies (e.g., npm ls, pip3 show), and analyze version history with git. These operations are part of the core functionality for debugging and do not present a security risk in this context.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests untrusted data from error messages and stack traces. However, the structured methodology and explicit instructions to focus on diagnosis rather than applying fixes provide effective mitigation for this risk environment.
  * Ingestion points: Error messages and problem descriptions provided via the $ARGUMENTS variable and file contents read during Phase 1 and 2.
  * Boundary markers: None explicitly defined between untrusted diagnostic data and agent instructions.
  * Capability inventory: File system read access, bash execution for diagnostics, and the ability to call external skills (/codex, /oracle).
  * Sanitization: No specific sanitization or filtering is applied to ingested logs or error descriptions.
Audit Metadata