rudder-destination-debugging
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill acknowledges and mitigates the risk of indirect prompt injection associated with processing external data:
- Ingestion points: The workflow involves inspecting live event payloads and destination API error responses (SKILL.md).
- Boundary markers: It provides explicit defensive instructions stating that destination API error text should be treated as data rather than instructions or commands.
- Capability inventory: The skill utilizes the 'Read', 'Write', and 'Edit' tools to access metrics, configurations, and logs (SKILL.md).
- Sanitization: It advises the agent to redact PII when sharing raw payloads externally.
- [CREDENTIALS_UNSAFE]: The skill includes a dedicated section on credential security. It follows industry best practices by recommending the use of environment variables and .env files for secret management while warning against hardcoding or logging API keys and tokens.
- [COMMAND_EXECUTION]: References to 'rudder-cli' are consistent with the vendor's own documentation and intended functionality for managing tracking plans and data governance.
Audit Metadata