systematic-debugging

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill serves as a procedural framework for debugging technical issues. It encourages the agent to follow a four-phase scientific approach (Root Cause Investigation, Pattern Analysis, Hypothesis Testing, and Implementation) before applying changes to a codebase.
  • [COMMAND_EXECUTION]: The skill contains example bash and TypeScript snippets designed for diagnostic purposes. These include checking for the presence of environment variables (e.g., using env | grep), listing keychain identities (security list-keychains), and running automated tests. These are legitimate tools used in developer workflows for troubleshooting build and signing issues.
  • [DATA_EXFILTRATION]: While the skill suggests logging component boundaries and environment states, the provided examples use safe practices (such as shell parameter expansion ${VAR:+SET}) to verify the existence of variables without necessarily printing sensitive values. There is no evidence of unauthorized network transmission or secret harvesting.
  • [PROMPT_INJECTION]: The instructions use strong prescriptive language ("Iron Law", "MUST", "Violating... is violating the spirit") to enforce a debugging process. This is a behavioral framework for the agent and does not attempt to bypass platform safety guidelines or extract system prompts.
  • [SAFE]: Indirect Prompt Injection risk is inherent to any skill that processes external data like error messages or logs. The skill instructs the agent to "Read Error Messages Carefully," which could expose it to malicious instructions embedded in log output. However, this is a standard risk for debugging agents and is mitigated by the platform's primary instructions and the agent's own reasoning capabilities.
Audit Metadata
Risk Level: SAFE
Analyzed: May 16, 2026, 10:07 AM