diagnose
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill guides the agent to perform standard development tasks such as running tests, executing CLI tools, and using browser automation (Playwright/Puppeteer) to build reproduction loops. These actions are within the scope of a developer-oriented agent.
- [DATA_EXFILTRATION]: There is no evidence of unauthorized data transfer. Mentions of capturing traces or logs are restricted to the context of local debugging and feedback loops.
- [PROMPT_INJECTION]: The instructions focus on debugging discipline and do not attempt to bypass safety filters, extract system prompts, or override the agent's core operating principles.
- [INDIRECT_PROMPT_INJECTION]: The skill requires the agent to ingest external data including source code, bug reports, and logs. While this creates an attack surface for indirect prompt injection, it is the primary function of the skill (debugging), and no malicious exploitation patterns were detected.
- [REMOTE_CODE_EXECUTION]: The skill mentions using tools like curl or Playwright, but it does not instruct the agent to download and execute untrusted code from external servers.