systematic-debugging

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION)
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill provides explicit shell command templates in SKILL.md (Phase 1, Step 4) for the agent to execute during 'diagnostic instrumentation'.
  • Evidence: The skill instructs the agent to run commands such as 'security list-keychains', 'security find-identity -v', and 'codesign --sign "$IDENTITY" --verbose=4 "$APP"' to check system state.
  • [CREDENTIALS_UNSAFE] (HIGH): The diagnostic steps explicitly direct the agent to uncover and log secrets and environment variables.
  • Evidence: The examples in Phase 1 include 'env | grep IDENTITY' and 'echo "IDENTITY: ${IDENTITY:+SET}${IDENTITY:-UNSET}"' to verify whether secrets are propagated to the environment.
  • [DATA_EXFILTRATION] (MEDIUM): The framework encourages logging sensitive data at component boundaries, which can lead to the exposure of private keys or tokens in the agent's output logs.
  • Evidence: 'For EACH component boundary: Log what data enters component; Log what data exits component.'
  • [PROMPT_INJECTION] (LOW): The skill employs extremely strong imperative language ('The Iron Law', 'MUST complete each phase', 'Violating... is violating the spirit') to override default agent behavior. While intended for process adherence, this mirrors patterns used to bypass standard operational constraints.
  • [INDIRECT_PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to malicious external data because its primary function is to ingest and act upon untrusted logs and error messages.
  • Ingestion points: SKILL.md Phase 1 relies on 'Error Messages', 'Logs', 'Stack traces', and 'Git diffs'.
  • Boundary markers: Absent. The skill does not provide delimiters or instructions to treat ingested logs as non-executable data.
  • Capability inventory: Includes shell execution (bash), system security interaction (security command), and environment variable access.
  • Sanitization: Absent. The skill encourages the agent to 'Read Error Messages Carefully' and follow them, creating a direct path for an attacker to 'suggest' a diagnostic step that leaks information.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 12:38 PM