diagnose
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to create, modify, and run various reproduction tools, including Bash scripts (using a provided template), CLI commands, and automated test suites to diagnose bugs.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection because it requires the agent to process potentially untrusted external data during diagnosis.
- Ingestion points: The agent is directed to analyze log dumps, HAR files (network traces), event logs, and captured payloads in SKILL.md (Phase 1 and Phase 2).
- Boundary markers: The instructions lack specific requirements for using delimiters or protective framing when the agent reads external file content.
- Capability inventory: The agent possesses the capability to execute shell commands, perform filesystem writes, and modify source code (SKILL.md, scripts/hitl-loop.template.sh).
- Sanitization: No sanitization or validation of the ingested external content is mentioned before it is processed by the agent.
Audit Metadata