bug-detective
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection by instructing the agent to read and analyze local log files, such as ./logs/sys-console.log. If these logs contain data from external users (e.g., logged request parameters or usernames), an attacker could embed malicious instructions that the agent might inadvertently follow during troubleshooting.
- Ingestion points: The agent is instructed to read local log files in both SKILL.md and references/error-patterns.md.
- Boundary markers: No explicit delimiters or instructions are provided to distinguish between system logs and untrusted data within those logs.
- Capability inventory: The agent has the capability to read local files and execute shell commands for filtering and searching.
- Sanitization: There is no mention of sanitizing or escaping the content of log files before analysis.
- [COMMAND_EXECUTION]: The skill suggests the use of standard Unix utilities and network tools to assist in diagnostics. While these are used for their intended purpose in a developer context, they represent a functional capability for command execution.
- Evidence: SKILL.md includes templates for grep, sed, awk, tail, and curl for log searching and API testing.
Audit Metadata