debug
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill provides example bash commands for diagnostic instrumentation that access and output sensitive system state. Specifically, it includes instructions to execute
env | grep IDENTITYto inspect environment variables andsecurity list-keychains/security find-identityto query macOS keychain information. This poses a risk of exposing credentials or sensitive configurations stored in the environment. - [COMMAND_EXECUTION]: The debugging methodology relies on the execution of shell commands to gather evidence, trace data flow, and implement fixes across different system layers. The framework encourages the use of bash scripts to monitor component boundaries and environment propagation.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it is designed to ingest and analyze untrusted data from external sources during the debugging process.
- Ingestion points: Error messages, stack traces, system logs, and data entering/exiting component boundaries.
- Boundary markers: The instructions do not specify the use of delimiters or provide directives to the agent to ignore instructions embedded within the logs or error messages being analyzed.
- Capability inventory: The skill enables the agent to execute shell commands for both diagnostic data gathering and final fix implementation.
- Sanitization: There are no defined procedures for sanitizing, escaping, or validating external content before it is integrated into the agent's reasoning or execution context.
Audit Metadata