debug
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection as it requires the agent to read and analyze project source code and documentation, which may contain instructions intended to influence the agent's behavior.
- Ingestion points: Reads project source files via search tools and specific entity documentation files (e.g.,
docs/project-reference/domain-entities-reference.md). - Boundary markers: The skill notes that some content may be auto-injected by hooks and advises checking for
[Injected: ...]headers, though it lacks general markers for code content. - Capability inventory: The skill possesses capabilities for local command execution (
grep,python .claude/scripts/code_graph), task management (TaskCreate), and user interaction (AskUserQuestion). - Sanitization: No explicit sanitization or filtering of the ingested content is specified; however, the skill mandates manual checkpoints and 'Red Flag' stop conditions for sensitive code.
- [COMMAND_EXECUTION]: The skill utilizes a local Python script located at
.claude/scripts/code_graphto perform structural code analysis, such as tracing callers and dependencies. While used for legitimate debugging purposes, this involves executing code within the local environment.
Audit Metadata