antithesis-debug
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to execute shell commands within the remote Antithesis test environment and JavaScript within the browser context to automate UI interactions.
- Evidence: The skill uses
agent-browser evalto execute functions from the providedassets/antithesis-debug.jsruntime. It also uses the debugger's native capability to run bash scripts in target containers, as described inreferences/simplified-debugger.mdandreferences/common-inspections.md. - [EXTERNAL_DOWNLOADS]: The skill provides a mechanism for downloading files from the remote Antithesis debugging environment to the local filesystem.
- Evidence:
references/simplified-debugger.mddetails a workflow usingagent-browser downloadto retrieve artifacts extracted by the debugger. - [DATA_EXFILTRATION]: The skill includes functionality to "Extract file" and download data from the containerized Antithesis environment to the user's local machine for analysis.
- Evidence: Found in the extraction workflows described in
SKILL.mdandreferences/simplified-debugger.md. - [PROMPT_INJECTION]: The skill ingests untrusted data from the Antithesis debugger UI, such as log rows and container metadata, creating a surface for indirect prompt injection.
- Ingestion points: Log view browsing and event stream analysis in
references/simplified-debugger.mdandreferences/common-inspections.md. - Boundary markers: No explicit boundary markers or delimiters for ingested content are specified in the instructions.
- Capability inventory: The skill can execute arbitrary shell commands in remote containers and run JavaScript in the browser context via
agent-browser eval. - Sanitization: No explicit sanitization or validation of the ingested external content was observed before it is processed by the agent.
Audit Metadata