systematic-debugging
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or data exfiltration vectors were identified in the skill's instructions or associated scripts.
- [DATA_EXPOSURE]: The skill includes diagnostic examples for environment variable verification that use safe expansion patterns (${IDENTITY:+SET}) to confirm a variable's presence without logging its actual sensitive value.
- [COMMAND_EXECUTION]: The provided find-polluter.sh utility executes npm test on local files identified within the project. The script implements proper variable quoting and path normalization to prevent common command injection vulnerabilities.
- [INDIRECT_PROMPT_INJECTION]: The skill defines a research phase that ingests untrusted data from external sources (WebSearch, WebFetch, git log, and MEMORY.md). Although it lacks explicit boundary markers or sanitization logic, the surface is inherent to the debugging process, and the only exploitable capability within the skill is the execution of local tests (npm test).
Audit Metadata