debug
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The debugging dashboard user interface (index.html) loads the Tailwind CSS framework from cdn.tailwindcss.com and dynamically imports library dependencies such as React, HTM, SWR, and React Virtual from esm.sh.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it processes and analyzes logs generated by external applications.
- Ingestion points: Application logs are received via the ingest HTTP endpoint in scripts/local_log_collector/collector_server.py and stored in an NDJSON file.
- Boundary markers: Instructions in SKILL.md and references/runtime-debugging.md do not explicitly require the use of delimiters or 'ignore instructions' warnings when the agent reads the log evidence.
- Capability inventory: The agent has extensive capabilities including code modification, shell command execution, and file system access to facilitate debugging and fixing bugs.
- Sanitization: The local collector validates that incoming data is valid JSON but does not sanitize the content of the log messages or data objects before they are processed by the agent.
Audit Metadata