debug
Warn
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, COMMAND_EXECUTION)
Full Analysis
- [DATA_EXFILTRATION]: The skill provides instructional examples that encourage the inspection of environment variables for sensitive information.
  - Evidence: In `SKILL.md`, under "Phase 1: Root Cause Investigation", the skill provides code blocks for tracing environment variables. One specific example uses `printenv | grep -i secret`. This command retrieves and displays the values of all environment variables containing the string "secret", which is a high-risk pattern for credential exposure.
- [COMMAND_EXECUTION]: The instructions direct the agent to perform various shell operations to gather diagnostic data.
  - Evidence: The skill recommends using tools such as `git diff`, `env`, `printenv`, and `docker run` across `SKILL.md` and `references/root-cause-tracing.md`. While intended for debugging, these provide a significant surface area for executing system commands.
- [PROMPT_INJECTION]: The skill includes instructions for "Proactive Activation" that may cause the agent to execute diagnostic commands automatically.
  - Evidence: The YAML frontmatter in `SKILL.md` instructs the agent to "Invoke immediately" when encountering error messages or failing tests. This creates a risk where the agent might automatically run the sensitive data-gathering commands described in the methodology without specific user consent for those individual actions.