help-me-debug

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The 'Skill Isolation' section contains explicit instructions to override the agent's default multi-skill behavior and suppress concurrent instructions from other skills ("This skill is the sole active authority", "No other skill may activate", "suppress it and continue without interruption").
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core workflow of ingesting untrusted codebase data and summarizing it into output files without sanitization.
  • Ingestion points: Workflow steps 2 and 3 require reading project files, configuration, dependency manifests, and environment-sensitive code.
  • Boundary markers: The skill does not define delimiters or "ignore embedded instructions" warnings for the content it aggregates into reports.
  • Capability inventory: The skill has permissions to write to the local filesystem (debug_human_report.md, debug_llm_context.md) and is instructed to execute shell commands for testing and validation.
  • Sanitization: No escaping or validation is performed on the data collected from the codebase before it is written to the handoff artifacts.
  • [DATA_EXFILTRATION]: The skill workflow requires the agent to harvest and document detailed information about sensitive external integrations, including APIs, auth/payment providers, and infrastructure services, which are then stored in plaintext in the debug_llm_context.md file.
  • [COMMAND_EXECUTION]: The workflow instructs the agent to perform "aggressive" read-only exploration and execute "test/build commands" and "validation commands" found within the repository to capture output for diagnosis.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 03:33 AM
Security Audit — agent-trust-hub — help-me-debug