diagnosing-bugs

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires the agent to generate and execute various technical feedback loops to reproduce bugs. This includes running shell scripts, unit/integration tests, CLI tools, and browser automation frameworks like Playwright or Puppeteer. It also utilizes git bisect and curl for automated investigation.
  • [PROMPT_INJECTION]: There is an inherent risk of indirect prompt injection as the skill is designed to ingest and process untrusted external content, such as application logs, network traces (HAR files), and manual inputs provided by users through the scripts/hitl-loop.template.sh utility. Maliciously crafted data in these sources could attempt to influence the agent's logic.
    • Ingestion points: Error messages, log dumps, network traces, and user responses captured by scripts/hitl-loop.template.sh.
    • Boundary markers: No specific boundary markers or instructions to ignore embedded commands are present in the scripts or the core instructions for handling external data.
    • Capability inventory: Full shell access, script writing (Bash/Python/JS), test execution, and network access via CLI tools.
    • Sanitization: The skill does not define sanitization or validation steps for the data retrieved during the instrumentation or reproduction phases.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 18, 2026, 07:37 AM
Security Audit — agent-trust-hub — diagnosing-bugs