diagnose
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection attack surface. It is designed to ingest and process untrusted external data such as network traces (HAR files), log dumps, and core dumps in Phase 1. This data is handled in an environment where the agent has significant capabilities, including executing shell commands.
- Ingestion points: External artifacts mentioned in Phase 1 and user-provided input captured by "scripts/hitl-loop.template.sh".
- Boundary markers: The instructions do not specify any markers or warnings to distinguish between the skill's instructions and the content of the processed data.
- Capability inventory: The workflow involves executing commands via "bash", performing network requests with "curl", and using development tools like "git" and "npm".
- Sanitization: There is no mention of sanitizing or validating the content of the diagnostic artifacts before processing.
- [COMMAND_EXECUTION]: The skill requires the agent to execute shell commands and scripts, specifically the provided "scripts/hitl-loop.template.sh", to facilitate bug reproduction and testing. This is a functional component of the diagnostic process.
Audit Metadata