cubepi-trace
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the `cubepi trace` command-line tool via `uv run` to list, view, and analyze execution logs on the local filesystem.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by ingesting historical trace data that could contain adversarial content.
  - Ingestion points: The agent reads JSONL trace files from the `./cubepi-traces` directory, which include full prompts, tool arguments, and results from previous sessions.
  - Boundary markers: Absent; the instructions do not provide delimiters or warnings to treat ingested trace data as untrusted.
  - Capability inventory: The agent executes shell commands (`uv run cubepi trace`) and has access to local files to retrieve and display content.
  - Sanitization: Absent; the trace content is retrieved and displayed without validation, filtering, or escaping of potentially malicious instructions embedded in the logs.
Audit Metadata