beo-debugging

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data which serves as a potential attack surface for indirect prompt injection.
    • Ingestion points: The agent reads command output (reproduction logs), source files in the src/ directory, project-specific context files (CONTEXT.md), and incoming messages from the Agent Mail system.
    • Boundary markers: No explicit instructions or delimiters are defined to isolate the processed data from the agent's instructions, and there are no warnings telling the agent to ignore embedded instructions.
    • Capability inventory: The skill executes subprocess commands for reproduction (e.g., npm run build), interacts with the filesystem (writing debug notes and state files), and uses a communication tool (br mail) to send and receive messages.
    • Sanitization: No explicit sanitization or validation of the ingested external content is mentioned.
  • [COMMAND_EXECUTION]: The skill legitimately executes shell commands (e.g., npm, git, br) to perform its primary function of debugging and project management. These operations are scoped to the local environment and the specific debugging task.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 14, 2026, 04:34 PM