diagnose
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to utilize various local tools to create a feedback loop for debugging.
  - Evidence: Mentions using unit tests, curl, CLI commands, headless browsers (Playwright/Puppeteer), and git bisect.
  - Context: These operations are confined to the developer environment and are essential for the primary purpose of software diagnostics.
- [PROMPT_INJECTION]: The skill processes untrusted external data, which constitutes an attack surface for indirect prompt injection.
  - Ingestion points: Error messages, log dumps, HAR files, and user bug reports (SKILL.md).
  - Boundary markers: Not explicitly defined for the ingested data.
  - Capability inventory: The agent has access to command execution (tests, scripts, CLI) and network operations (curl, Playwright) in SKILL.md and scripts/hitl-loop.template.sh.
  - Sanitization: No explicit sanitization or validation of external logs/reports is mentioned.
  - Context: The skill includes human-in-the-loop checkpoints (Phase 3) that require showing hypotheses to the user before testing, which serves as a natural mitigation against automated execution of injected instructions.
Audit Metadata