code-debug-skill
Warn
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the agent to execute remote code via npx debugsk@latest. This pattern downloads and runs an unversioned package from the NPM registry at runtime without integrity verification.
- [COMMAND_EXECUTION]: The AI is directed to autonomously execute shell commands to manage a debug server, perform file cleanup in the .logs/ directory, and modify source code by injecting instrumentation snippets.
- [EXTERNAL_DOWNLOADS]: The skill depends on fetching the debugsk package from the public NPM registry. The use of the @latest tag instead of a pinned version presents a supply chain risk.
- [DATA_EXFILTRATION]: The instructions allow the AI to determine if "tunneling is needed" and to set up tunnels to expose the local environment. This could lead to the exposure of sensitive data or internal services if used maliciously.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the ingestion of untrusted log data.
  - Ingestion points: The AI reads log files directly from the .logs/ directory using search and read tools.
  - Boundary markers: No boundary markers or instructions to ignore embedded commands within logs are defined.
  - Capability inventory: The AI has the capability to execute commands, modify files, and propose network tunnels.
  - Sanitization: There is no evidence of sanitization or validation of the ingested log content before it is processed by the AI.
Audit Metadata