d3k
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Command-Line Tool Integration: The skill interacts with the d3k CLI to perform tasks such as unified log retrieval, error analysis, and component discovery. This is standard behavior for debugging utilities and is used to provide the agent with application context.
- Browser Automation via CDP: The skill utilizes the Chrome DevTools Protocol (CDP) through the agent-browser command to automate browser interactions like taking screenshots and clicking elements. This allows the agent to verify fixes and capture visual changes for pull requests.
- Data Processing Considerations: The skill ingests data from web application logs and page crawls. While this represents a surface for indirect prompt injection (where instructions embedded in logs could theoretically influence agent behavior), it is a necessary part of the skill's debugging purpose. No active exploitation was detected.
- Temporary File Usage: The skill writes screenshots to the /tmp directory. This is a common practice for temporary storage during automated testing and does not pose a security concern in this environment.
Audit Metadata