automation-pilot-debugger
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes potentially untrusted data from external API responses.
- Ingestion points: Multiple curl commands in SKILL.md fetch data from API endpoints including /api/v1/executions and /api/v1/executions/$EXEC_ID/logs.
- Boundary markers: Absent. The skill does not instruct the agent to treat the API output as untrusted or provide delimiters to separate the data from instructions.
- Capability inventory: The skill uses curl for network reads and jq for JSON processing. No file-writing or persistent system modification capabilities were identified.
- Sanitization: Absent. The skill does not validate or filter the content of the API responses before the agent processes them.
- [COMMAND_EXECUTION]: The skill utilizes shell commands to perform its debugging functions.
- Evidence: SKILL.md contains numerous curl and jq commands designed to interact with the SAP Automation Pilot API. These commands are limited to the skill's stated purpose and correctly utilize environment variables for sensitive parameters like credentials and hostnames.
Audit Metadata