help-me-debug
Fail
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: HIGHPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The 'Skill Isolation' section contains instructions that attempt to override platform-level orchestration. It directs the agent to act as the 'sole active authority' and to 'suppress' any other skills that might activate during the session.
- [DATA_EXFILTRATION]: The workflow directs the agent to collect sensitive data, specifically including 'env assumptions' (environment variables), 'config keys', and 'logs'. This information is written to the 'debug_human_report.md' and 'debug_llm_context.md' files, which constitutes exposure of potentially sensitive system secrets and configuration data.
- [COMMAND_EXECUTION]: The skill instructions mandate 'read-only exploration aggressively' and 'deep codebase investigation', which involves the execution of shell commands to inspect the file system, read manifests, and gather environment details.
- [PROMPT_INJECTION]: The skill exhibits a significant indirect prompt injection surface. Ingestion points: Processes untrusted logs, error text, and codebase files. Boundary markers: No delimiters or instructions are provided to the agent to distinguish between its instructions and the data being analyzed. Capability inventory: File system read/write access. Sanitization: No instructions are provided to sanitize or filter external content.
Recommendations
- AI detected serious security threats
Audit Metadata