agent-debugger
Warn
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to use
npx -y agent-debugger, which downloads and executes a package from the npm registry without prompting for user confirmation. - [EXTERNAL_DOWNLOADS]: The skill downloads and installs external debugger adapters at runtime, such as
debugpyvia pip and the Go Delve debugger from GitHub (github.com/go-delve/delve/cmd/dlv@latest). - [REMOTE_CODE_EXECUTION]: The
evalcommand allows for arbitrary code execution within the context of the debugged process. This provides a direct vector for the agent to execute any logic within a target application's runtime environment. - [COMMAND_EXECUTION]: The
attach --pidfeature allows the agent to interact with and inspect any running process on the system. This level of introspection can bypass standard process isolation if the agent has the necessary OS-level permissions. - [DATA_EXFILTRATION]: The skill provides tools to inspect sensitive runtime state, including local variables, call stacks, and memory (e.g.,
request.bodyin a web server). This capability can be used to access credentials or other sensitive data present in the memory of a running process.
Audit Metadata