debug
Pass
Audited by Gen Agent Trust Hub on Jul 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands like
docker,docker compose, andbunfor environment setup and verification. It specifically instructs the agent to recreate containers (docker compose up -d --force-recreate) and execute commands inside thepostprint_local_djangocontainer to verify mounts and connectivity. - [DATA_EXFILTRATION]: Application logs are stored locally at
applications/.cursor/debug-*.log. While the skill explicitly warns against including secrets or PII, these logs represent a potential point of data exposure if the agent or user misconfigures the logging depth. Additionally, the JS/TS instrumentation refers to an external ingest endpoint provided by the platform for session capture. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it instructs the agent to ingest and analyze application logs that may contain untrusted data from external sources (e.g., HTTP request bodies or headers).
- Ingestion points: The agent is directed to read NDJSON logs from
applications/.cursor/debug-*.log. - Boundary markers: The workflow requires the agent to map logs to specific hypotheses and provide line citations, which serves as a manual validation step but does not isolate the data stream.
- Capability inventory: The agent possesses tools for code modification, command execution (docker, bun), and repository management (git).
- Sanitization: There is no programmatic sanitization of log contents; the skill relies on developer adherence to manual redaction guidelines for secrets and PII.
Audit Metadata