skills/vanilla-bar/kernel/debug-mode/Gen Agent Trust Hub

debug-mode

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Uses local shell commands and a dynamically generated Node.js server to facilitate log collection and analysis.
      • Evidence: node -e script used to create an HTTP server in SKILL.md and references/common.md.
      • Evidence: Use of rm -f debug.log, cat, jq, and grep for file management and data processing.
  • [COMMAND_EXECUTION]: The generated Node.js collector server employs an insecure CORS policy, potentially allowing third-party websites to inject data into the local log file.
      • Evidence: s.setHeader('Access-Control-Allow-Origin','*') in the server script found in SKILL.md.
  • [PROMPT_INJECTION]: Vulnerable to indirect prompt injection as it processes and interprets untrusted log data generated by the application being debugged.
      • Ingestion points: debug.log file specified in SKILL.md.
      • Boundary markers: Absent; the agent reads raw JSON lines from the log file without delimiters.
      • Capability inventory: The skill has access to shell commands like node, rm, cat, jq, and grep as documented in SKILL.md.
      • Sanitization: Absent; log contents are not sanitized or validated before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 12:05 PM