debug
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of reading and analyzing external project files.\n
- Ingestion points: The skill uses
Grep,Glob, andReadtools to ingest content from the local codebase into the agent's context, as documented inreferences/investigation-checklist.md.\n - Boundary markers: There are no explicit instructions or delimiters provided to the agent to distinguish between its own system instructions and the potentially untrusted data being read from codebase files.\n
- Capability inventory: The skill has access to powerful tools, including the ability to execute shell commands (
git,npm), modify local files, and interact with remote repositories through the GitHub CLI (gh) inreferences/thorough-track.md.\n - Sanitization: While the skill provides high-level advice to redact secrets/PII in
references/investigation-checklist.md, it lacks automated sanitization or filtering of codebase content that could contain adversarial instructions.\n- [COMMAND_EXECUTION]: The skill makes extensive use of local command-line utilities to perform its tasks.\n - Evidence: The workflow includes
gitoperations (worktrees, commits, pushes),npmcommands (npm install,npm run test), and GitHub CLI (gh pr) for pull request management inreferences/thorough-track.md. These operations are standard for the skill's intended purpose of software development and debugging.
Audit Metadata