kirby-debugging-and-tracing

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted data from a Kirby CMS installation, including templates, snippets, controllers, and log files. This creates a surface for indirect prompt injection if these files contain malicious instructions that the agent might inadvertently follow.
  • Ingestion points: Workflow steps 4 and 5 in SKILL.md involve reading data via kirby:kirby_templates_index, kirby:kirby_snippets_index, kirby:kirby_controllers_index, kirby:kirby_models_index, kirby:kirby_routes_index, and kirby:kirby_dump_log_tail.
  • Boundary markers: The skill does not define specific delimiters or instructions to ignore embedded commands within the ingested content.
  • Capability inventory: The skill utilizes tools such as kirby:kirby_runtime_install and kirby:kirby_render_page which involve environment modification and code execution.
  • Sanitization: No sanitization or validation of the ingested code or log content is described.
  • [COMMAND_EXECUTION]: The skill guides the agent to modify PHP files by inserting mcp_dump() debugging calls and then executing that code using the kirby:kirby_render_page tool. This represents a pattern of dynamic code modification and execution for debugging purposes.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 1, 2026, 07:48 AM
Security Audit — agent-trust-hub — kirby-debugging-and-tracing