debugging-difficult-bugs
Pass
Audited by Gen Agent Trust Hub on May 25, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill instructs the agent to create local log files (e.g., debug-difficult-bug.jsonl) containing application runtime state. This involves writing potentially sensitive internal state to the filesystem. The skill mitigates this risk by providing explicit instructions to avoid logging API keys, tokens, or other credentials and recommending the use of redacted summaries for sensitive objects.
- [INDIRECT_PROMPT_INJECTION]: The workflow requires the agent to read and analyze logs generated from the application's runtime. If the application logs untrusted data (e.g., user-provided input), the agent could be exposed to indirect prompt injection while analyzing these logs. The skill does not currently specify boundary markers or sanitization for these logs, though it does instruct the agent to interpret them chronologically for debugging purposes.
- [COMMAND_EXECUTION]: The skill directs the agent to modify the project's source code to insert instrumentation. While this is the primary purpose of the skill, it involves the agent generating and injecting code that will be executed during the application's runtime or test phase.
Audit Metadata