debug
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill's primary function is to ingest and analyze untrusted data provided by the user or external systems, such as stack traces and log outputs. Evidence: The usage instructions and Section 1 ('Understand the Failure') explicitly direct the agent to process external strings. Capability Inventory: The skill has access to Bash and Edit, which allows for system modification. Boundary Markers: None present to distinguish between the log data and agent instructions. Sanitization: No sanitization or validation of the input data is mentioned.
- Command Execution (MEDIUM): The skill's workflow involves executing arbitrary shell commands and injecting temporary code for instrumentation. Evidence: Section 2 ('Trace Root Cause') instructs the agent to run commands like pytest and add Python code for tracing. While legitimate for its stated purpose, this provides an immediate execution vector if a prompt injection attack is successful.
Recommendations
- AI detected serious security threats
Audit Metadata