sc-log-fix
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes application and system logs, which are untrusted external data sources.
- Ingestion points: The skill reads logs from files (logs/**/*.log), Docker (docker logs), and systemd (journalctl) as specified in SKILL.md.
- Boundary markers: Absent; there are no instructions or delimiters defined to distinguish log content from agent instructions.
- Capability inventory: The skill uses Edit for code modification, Bash for shell command execution, and Read for source code access (SKILL.md).
- Sanitization: Present; the Phase 4 Interactive Fix Loop requires user approval before changes are applied.
- [COMMAND_EXECUTION]: The skill executes various shell commands for log discovery, format detection, and fix validation.
- Discovery commands include docker compose ps, journalctl, and pm2 list.
- Validation commands like pytest and npm test are executed in the interactive loop.
- [DATA_EXFILTRATION]: The skill accesses sensitive information by reading system logs (/var/log/, journalctl). It also uses mcp__rube__RUBE_MULTI_EXECUTE_TOOL to send session summaries to external services like Slack or Jira.
Audit Metadata