help-me-debug
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The 'Skill Isolation' section contains explicit instructions to override the agent's default multi-skill behavior and suppress concurrent instructions from other skills ("This skill is the sole active authority", "No other skill may activate", "suppress it and continue without interruption").
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core workflow of ingesting untrusted codebase data and summarizing it into output files without sanitization.
- Ingestion points: Workflow steps 2 and 3 require reading project files, configuration, dependency manifests, and environment-sensitive code.
- Boundary markers: The skill does not define delimiters or "ignore embedded instructions" warnings for the content it aggregates into reports.
- Capability inventory: The skill has permissions to write to the local filesystem (
debug_human_report.md,debug_llm_context.md) and is instructed to execute shell commands for testing and validation. - Sanitization: No escaping or validation is performed on the data collected from the codebase before it is written to the handoff artifacts.
- [DATA_EXFILTRATION]: The skill workflow requires the agent to harvest and document detailed information about sensitive external integrations, including APIs, auth/payment providers, and infrastructure services, which are then stored in plaintext in the
debug_llm_context.mdfile. - [COMMAND_EXECUTION]: The workflow instructs the agent to perform "aggressive" read-only exploration and execute "test/build commands" and "validation commands" found within the repository to capture output for diagnosis.
Audit Metadata