root-cause-tracing
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions and examples for executing shell commands and scripts locally, including debugger commands (
lldb), test runners (npm test,cargo test), and a bash loop for identifying test pollution. These commands are standard for software development and debugging purposes. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and analyze untrusted data from external sources.
- Ingestion points: The skill processes user-provided error messages, stack traces, and source code snippets in the
SKILL.mdfile. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands within the ingested data are defined.
- Capability inventory: The skill guides the user to perform subprocess calls via shell commands (
npm,cargo) and debugging tools (lldb). - Sanitization: There is no evidence of sanitization or filtering for the external content before it is processed by the agent.
Audit Metadata