systematic-debugging
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides a logical framework for identifying and fixing software bugs. It does not include any malicious instructions, obfuscated strings, or attempts to bypass system constraints.
- [DATA_EXPOSURE]: The skill operates on local inputs such as source code and test suites. It does not contain patterns for exfiltrating this data or accessing sensitive system files (e.g., SSH keys, environment variables).
- [INDIRECT_PROMPT_INJECTION]: As the skill is designed to process external and potentially untrusted data like source code and historical defect contexts, it possesses a standard vulnerability surface for indirect prompt injection. However, the instructions mandate that the agent establish a "concrete failure boundary" and gather "evidenced root cause" before taking action, which provides a procedural layer of validation against malicious instructions embedded in the code being debugged.
- [COMMAND_EXECUTION]: The skill describes a process but does not include any hidden or dangerous shell commands. References to tools like
tddandincident-responseare presented as pointers to other legitimate agent capabilities.
Audit Metadata