error-recovery
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements an indirect prompt injection surface by requiring the agent to classify and respond to external error messages, tracebacks, and exceptions.
- Ingestion points: Error signals, tracebacks, and exception messages triggered during task execution in SKILL.md.
- Boundary markers: None. The instructions do not provide delimiters or warnings to ignore instructions embedded within error data.
- Capability inventory: The skill utilizes command execution for environment modification and retry logic across all recovery strategies.
- Sanitization: None. The agent is encouraged to read the signal directly from the error message.
- [EXTERNAL_DOWNLOADS]: The Configuration Error strategy and associated example in references/EXAMPLES.md suggest that the agent should install missing dependencies (e.g., pip install pandas) to recover from errors. This allows for the installation of arbitrary packages from external registries based on potentially untrusted error messages.
- [COMMAND_EXECUTION]: The Fix & Continue strategy in SKILL.md grants the agent a broad mandate to identify and fix environment issues. This typically involves executing shell commands to modify files, permissions, or system state based on the content of error logs.
Audit Metadata