investigate
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute various shell commands for investigating software defects. This includes performing git archeology (using
git log,git blame, andgit diff), checking project dependencies (usingnpm lsorpip3 show), and running arbitrary reproduction tests in the terminal. These actions are within the expected scope of a software investigation tool.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external sources.\n - Ingestion points: The agent gathers evidence from error messages, stack traces, test outputs, and log entries during the 'Characterize' step (SKILL.md).\n
- Boundary markers: The instructions do not define clear delimiters or use 'ignore' warnings for the external data processed during the investigation.\n
- Capability inventory: The skill has access to powerful capabilities, including shell command execution via the
Bashtool and the ability to spawn subagents using different models (SKILL.md).\n - Sanitization: There are no instructions for sanitizing or escaping the content of logs or error messages before they are processed by the agent or subagents.
Audit Metadata