antithesis-debug
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
agent-browserCLI to manage browser sessions, execute JavaScript in the browser context, and download files to the local environment (e.g.,agent-browser --session "$SESSION" eval,agent-browser download @REF). These operations are necessary for the skill's primary function of interacting with the web-based debugger. - [EXTERNAL_DOWNLOADS]: The documentation recommends installing the
agent-browserutility and associated skills from thevercel-labsGitHub organization. - [DATA_EXFILTRATION]: The skill is designed to extract files and logs from the remote Antithesis environment. Extracted data is downloaded to a local temporary directory (e.g.,
/tmp/extracted/) for inspection. This behavior is consistent with the skill's purpose as a debugging tool and involves data movement from the target environment to the agent's local filesystem. - [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it ingests logs and container file content from the Antithesis environment. * Ingestion points: Log viewer (references/simplified-debugger.md) and command output sections (references/notebook.md). * Boundary markers: None explicitly defined. * Capability inventory: Subprocess calls via agent-browser, file writing (via download), and local shell execution. * Sanitization: None implemented for the incoming data.
Audit Metadata