Skills
skills/tombensim/claude-for-dummies/debug-desktop/Gen Agent Trust Hub

debug-desktop

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute file system operations such as tail, ls, and grep on logs located in ~/.claude-for-beginners/logs/. These actions are directly related to the skill's primary purpose of application debugging and target app-specific directories.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection, specifically command injection, via the free-form search feature.
  • Ingestion points: User-provided input in the $ARGUMENTS variable is interpolated directly into a bash command: grep -rn "$ARGUMENTS" ~/.claude-for-beginners/logs/.
  • Boundary markers: No delimiters or instructions are used to ensure the input is treated as a literal string rather than part of the command structure.
  • Capability inventory: The skill is authorized to use Bash, Read, Grep, and Glob tools, providing a surface for broader system access if the shell command is escaped.
  • Sanitization: The command construction lacks proper shell quoting or input validation to prevent the execution of injected shell metacharacters (e.g., ;, &, |).
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 07:42 PM