antithesis-debug

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the agent-browser CLI to manage browser sessions, execute JavaScript in the browser context, and download files to the local environment (e.g., agent-browser --session "$SESSION" eval, agent-browser download @REF). These operations are necessary for the skill's primary function of interacting with the web-based debugger.
  • [EXTERNAL_DOWNLOADS]: The documentation recommends installing the agent-browser utility and associated skills from the vercel-labs GitHub organization.
  • [DATA_EXFILTRATION]: The skill is designed to extract files and logs from the remote Antithesis environment. Extracted data is downloaded to a local temporary directory (e.g., /tmp/extracted/) for inspection. This behavior is consistent with the skill's purpose as a debugging tool and involves data movement from the target environment to the agent's local filesystem.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it ingests logs and container file content from the Antithesis environment. * Ingestion points: Log viewer (references/simplified-debugger.md) and command output sections (references/notebook.md). * Boundary markers: None explicitly defined. * Capability inventory: Subprocess calls via agent-browser, file writing (via download), and local shell execution. * Sanitization: None implemented for the incoming data.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 10:07 PM
Security Audit — agent-trust-hub — antithesis-debug