frappe-agent-debugger

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE

PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill's primary function is to ingest and analyze external data such as Python tracebacks, JavaScript console logs, and system log files, which represents an indirect prompt injection surface. This data could theoretically be crafted to contain malicious instructions aimed at influencing the agent's diagnostics or subsequent command execution.
  • Ingestion points: Untrusted data enters the agent's context through error messages, tracebacks, and log files as described in SKILL.md and references/workflow.md.
  • Boundary markers: The instructions do not define specific delimiters or instructions to ignore embedded commands within the processed debug data, which is a common vulnerability surface.
  • Capability inventory: The skill grants the agent extensive capabilities, including executing shell commands via the bench CLI, running SQL queries through bench mariadb, and accessing various system logs (detailed in references/advanced-debugging.md).
  • Sanitization: There is no mention of sanitization, validation, or filtering of the external error data before it is interpreted by the agent for troubleshooting.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 31, 2026, 10:43 AM