debug-investigate
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands like
grepandglobto search the codebase. It also executes a local Python script (.claude/scripts/code_graph) to query structural information like callers, importers, and code traces. These operations are performed locally and are consistent with a developer's debugging workflow. - [DATA_EXFILTRATION]: The skill writes investigation findings to local directories such as
plans/reports/and.ai/workspace/analysis/. There are no instructions or patterns indicating the transmission of data to external servers or non-whitelisted domains. - [PROMPT_INJECTION]: The skill includes numerous guardrails to ensure agent reliability, such as 'Red Flag Stop Conditions' that mandate escalation to the user via
AskUserQuestionfor security-sensitive code or architectural changes. It does not contain instructions to ignore system prompts or safety filters.
Audit Metadata