debug
Fail
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: HIGH (DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION]: The skill instructs the agent to access and verify sensitive environment configuration files which often contain secrets and credentials.
  - Evidence: In SKILL.md, the "Auto-debug steps" section explicitly directs the agent to "Verify .env.example vs actual config".
- [COMMAND_EXECUTION]: The skill encourages the use of powerful shell commands to perform debugging tasks, which could be exploited if the agent is misled.
  - Evidence: In SKILL.md, the agent is instructed to use bash to "run dev server, test suite, or reproduce" and to use git log and grep across the codebase.
- [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection by instructing the agent to process data from potentially untrusted sources.
  - Ingestion points: The agent is directed to read codebase files, search results, git history, and server/error logs in SKILL.md. Additionally, DEBUG-PROMPTS.md contains templates for users to provide console and network log data.
  - Boundary markers: There are no instructions or delimiters provided to ensure the agent ignores or sanitizes instructions that might be embedded within the diagnostic data or log files.
  - Capability inventory: The skill utilizes file system access, shell command execution (bash), and git operations.
  - Sanitization: No sanitization or validation mechanisms are described for the external content before it is interpolated into the agent's context.
Recommendations
- AI detected serious security threats
Audit Metadata