pasteurize
Pass
Audited by Gen Agent Trust Hub on May 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides a structured methodology for software debugging. All identified tools and processes align with standard development practices.
- [DATA_EXPOSURE_AND_EXFILTRATION]: No sensitive file access or hardcoded credentials were detected. Use of
curlandghis described within the context of local debugging and standard GitHub environment interaction. - [REMOTE_CODE_EXECUTION]: The skill suggests building test harnesses using tools like Playwright or Puppeteer, which is standard for UI and integration testing. There is no evidence of unauthorized remote script execution or unverified package installation.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data including user-provided stack traces (Phase 1) and codebase content (Phase 4).
- Ingestion points: User-supplied bug reports/repros and project files via
/cheez-read. - Boundary markers: Not explicitly defined in the instructions.
- Capability inventory: Code modification via
/cheez-writeand shell command execution for feedback loops (Phase 1). - Sanitization: None described. While a surface exists, the skill's focus on structured diagnostic reasoning and minimal fixes makes this risk inherent to the debugging task rather than a specific vulnerability.
Audit Metadata