debugging
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to write and execute shell scripts (e.g.,
/tmp/debug_api.sh) using theBashtool andchmod +x. This allows the agent to perform arbitrary system operations during the diagnostic process. - [REMOTE_CODE_EXECUTION]: The agent is directed to generate and run Python scripts (e.g.,
/tmp/analyze_db.py) usingpoetry run python. This involves dynamic code generation where the logic is created at runtime based on the agent's interpretation of a problem. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It ingests untrusted data in the form of user-provided bug reports and uses that input to influence the creation of executable diagnostic scripts.
- Ingestion points: User-provided error descriptions and bug reports (triggered by keywords like 'bug' or 'error').
- Boundary markers: None identified. The skill lacks instructions to sanitize user input or ignore instructions embedded within the bug reports.
- Capability inventory: The agent has access to
Bash,Write,Read, andEdittools, allowing it to create, modify, and execute files across the system. - Sanitization: No evidence of input validation or escaping of user-provided content before it is processed by the agent's reasoning loop.
- [DATA_EXPOSURE]: The skill contains hardcoded absolute file paths (e.g.,
/Users/young/project/career_ios_backend). This discloses the host machine's username and internal directory structure, which can be used for further reconnaissance.
Audit Metadata