kirby-debugging-and-tracing
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted data from a Kirby CMS installation, including templates, snippets, controllers, and log files. This creates a surface for indirect prompt injection if these files contain malicious instructions that the agent might inadvertently follow.
- Ingestion points: Workflow steps 4 and 5 in
SKILL.mdinvolve reading data viakirby:kirby_templates_index,kirby:kirby_snippets_index,kirby:kirby_controllers_index,kirby:kirby_models_index,kirby:kirby_routes_index, andkirby:kirby_dump_log_tail. - Boundary markers: The skill does not define specific delimiters or instructions to ignore embedded commands within the ingested content.
- Capability inventory: The skill utilizes tools such as
kirby:kirby_runtime_installandkirby:kirby_render_pagewhich involve environment modification and code execution. - Sanitization: No sanitization or validation of the ingested code or log content is described.
- [COMMAND_EXECUTION]: The skill guides the agent to modify PHP files by inserting
mcp_dump()debugging calls and then executing that code using thekirby:kirby_render_pagetool. This represents a pattern of dynamic code modification and execution for debugging purposes.
Audit Metadata