skills/wellapp-ai/well/debug/Gen Agent Trust Hub

debug

Pass

Audited by Gen Agent Trust Hub on Feb 12, 2026

Risk Level: LOW, NO_CODE
Full Analysis

The provided SKILL.md file is a purely descriptive document outlining a debugging process. It details phases, triggers, and the conceptual use of various tools (e.g., ReadLints, Browser MCP, Notion MCP, Shell commands like npm run test).

  1. Prompt Injection: No direct prompt injection patterns were found in the skill's name, description, or body. The skill's instructions are clear and do not attempt to override the agent's core directives.
  2. Data Exfiltration: The skill describes using tools like browser_network_requests and Notion MCP (for database queries/creation). While these involve network activity, they are described in the context of legitimate debugging and knowledge base management, not for exfiltrating sensitive user data. There are no commands to read sensitive files (e.g., ~/.aws/credentials, ~/.ssh/id_rsa) and send them externally.
  3. Obfuscation: No obfuscation techniques (Base64, zero-width characters, homoglyphs, etc.) were detected within the Markdown content.
  4. Unverifiable Dependencies: The skill describes running npm run typecheck, npm run lint, npm run test. These commands typically rely on pre-installed dependencies. However, the skill itself does not contain instructions to install new, unverified packages. It also describes invoking other skills (e.g., qa-commit, decision-capture), which are assumed to be internal agent capabilities.
  5. Privilege Escalation: No commands indicative of privilege escalation (e.g., sudo, chmod 777) were found.
  6. Persistence Mechanisms: No attempts to establish persistence (e.g., modifying .bashrc, creating cron jobs) were detected.
  7. Metadata Poisoning: The name and description fields are benign and accurately reflect the skill's purpose.
  8. Indirect Prompt Injection: The skill processes external context from qa-commit and user input for escalation resolution. Any skill that processes external data is inherently susceptible to indirect prompt injection if that external data contains malicious instructions. This is a general risk for interactive skills, but not a vulnerability in the skill's own instructions.
  9. Time-Delayed / Conditional Attacks: The skill describes conditional logic for 'Jidoka Escalation' based on error_count and total_errors. This is a legitimate control flow for managing debugging attempts and not a malicious time-delayed or environment-specific trigger.

Conclusion: The skill is entirely declarative and does not contain any executable components. Its instructions are clear, and it does not exhibit any malicious patterns. The primary safety comes from its 'NO_CODE' nature.

Audit Metadata
Risk Level: LOW
Analyzed: Feb 12, 2026, 02:19 PM