debug-master

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH | COMMAND_EXECUTION | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection because it allows an AI agent to process untrusted external data while having access to high-privilege commands.
      1. Ingestion points: Observability Graphs, distributed traces, and log files referenced in SKILL.md and references/agentic-incident-response.md.
      2. Boundary markers: Absent; there are no instructions to use delimiters or ignore instructions embedded in the logs.
      3. Capability inventory: 'git revert HEAD', deployment triggers, and 'redis-cli FLUSHDB' as listed in references/agentic-incident-response.md.
      4. Sanitization: Absent; no validation or escaping of trace/log data is mentioned.
  • COMMAND_EXECUTION (HIGH): The 'Remediation Templates' section explicitly encourages providing the agent with the ability to run 'redis-cli FLUSHDB' and 'git revert', which are high-impact administrative actions. While human-in-the-loop (HITL) is mentioned as a concept, the availability of these commands to an agent triaging untrusted telemetry represents a significant risk.
  • EXTERNAL_DOWNLOADS (LOW): The skill references standard Node.js libraries for OpenTelemetry and Prisma. These are reputable, industry-standard packages used for system monitoring.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 04:31 AM