systematic-debugging
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The
find-polluter.shscript executesnpm teston files discovered through a user-specified search pattern. This is a standard utility function but involves executing shell commands based on file system state. - [DATA_EXPOSURE]: Examples in
SKILL.md(Phase 1, Step 4) demonstrate the use of sensitive macOS diagnostic commands (security list-keychains,security find-identity) to troubleshoot code signing issues. - [PROMPT_INJECTION]: The skill's core function involves processing and acting upon untrusted data such as error messages, stack traces, and build logs. This presents an indirect prompt injection surface.
- Ingestion points: Systematic processing of error logs and terminal outputs in Phase 1 (Root Cause Investigation).
- Boundary markers: The instructions emphasize reading stack traces "completely" but do not define specific delimiters to isolate log data from instructions.
- Capability inventory: The skill directs the agent to execute shell commands, read files, and perform git operations during investigation.
- Sanitization: No mechanisms are described for sanitizing or escaping malicious instructions that might be embedded in the processed logs or data flows.
Audit Metadata