debugging

Warn

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: MEDIUM
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use sudo for several sensitive operations, including modifying the system-wide trusted certificate store (security add-trusted-cert) and disabling address space layout randomization (ASLR) via a kernel parameter (randomize_va_space). These actions are performed to facilitate deep debugging, but they grant the agent significant control over the host's security posture.
  • [REMOTE_CODE_EXECUTION]: The instructions involve generating and executing ad-hoc Python and shell scripts at runtime for tasks such as carving JavaScript bundles from binaries, parsing memory, and creating network shims. This dynamic code generation is central to the reverse-engineering workflow.
  • [EXTERNAL_DOWNLOADS]: The skill references several external debugging tools and libraries (Ghidra, pwndbg, mitmproxy, playwright) to be downloaded and installed from public repositories. While these are reputable tools, the agent is directed to fetch and execute setup scripts (e.g., setup.sh) from these sources.
  • [DATA_EXFILTRATION]: The skill describes techniques for intercepting and logging network traffic using mitmproxy and DYLD_INSERT_LIBRARIES. While framed as a method to inspect app behavior, the same capability could be used to monitor and log sensitive user data if applied maliciously.
  • [INDIRECT_PROMPT_INJECTION]:
      • Ingestion points: The skill processes untrusted binary data, log files, and web page content during debugging and QA phases (e.g., references/runtimes/native-binary.md, references/tools/playwright-cli.md).
      • Boundary markers: The instructions lack explicit structural delimiters to wrap processed untrusted data, though they emphasize using "verbatim values" and a "hypothesis-driven" approach to separate observation from reasoning.
      • Capability inventory: The agent has broad shell access, the ability to run various compilers/runtimes (Python, Node, Go, Rust), and sudo privileges.
      • Sanitization: There are no instructions for sanitizing or escaping the data ingested from external binaries or web pages before it is processed by the agent's logic.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 27, 2026, 02:19 PM