skills/millionco/expect/debug-agent/Gen Agent Trust Hub

debug-agent

Warn

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill executes npx debug-agent, which downloads and runs an external package from the public npm registry at runtime.
  • [COMMAND_EXECUTION]: Instructs the agent to start and maintain a persistent background server process using shell backgrounding (&).
  • [EXTERNAL_DOWNLOADS]: Fetches the debug-agent package from the npm registry, representing an external dependency outside the skill's source.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by reading application runtime logs from the filesystem.
      • Ingestion points: The agent reads NDJSON logs from a file path (e.g., /tmp/debug-agent/debug-a1b2c3.log) specified in the server startup output.
      • Boundary markers: Absent; there are no instructions or markers to distinguish between data and potential commands within the ingested logs.
      • Capability inventory: Capability to execute shell commands (starting the server), modify source code files (instrumentation), and delete files (clearing logs).
      • Sanitization: No sanitization, validation, or escaping of the log content is performed before the agent processes and analyzes it.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: Apr 12, 2026, 05:18 PM