debug
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists of instructional Markdown files and a template. No executable scripts, malicious commands, or suspicious dependencies were detected.
- [SAFE]: Content analysis of all rules shows they align with established academic and professional debugging methodologies (e.g., Andreas Zeller's 'Why Programs Fail', MIT/Cornell curricula).
- [SAFE]: The skill includes security-conscious guidance, such as explicitly warning against logging sensitive data like passwords or PII in the logging-related rules (e.g.,
references/obs-log-inputs-outputs.md). - [SAFE]: All external URLs point to legitimate, well-known technical documentation and educational domains, such as mit.edu, visualstudio.com, and git-scm.com.
- [PROMPT_INJECTION]: Evaluated the skill for Indirect Prompt Injection surfaces (Category 8). While the skill's instructions lead the agent to process external data (logs, bug reports), the skill itself does not contain malicious instructions or bypasses. Evidence for the evaluated surface:
- Ingestion points: External code, stack traces, and bug reports processed during debugging workflows.
- Boundary markers: The skill uses structured Markdown templates and clear 'Incorrect/Correct' delimiters for code examples.
- Capability inventory: Coding agents utilizing this skill typically possess file system and shell access.
- Sanitization: The skill provides warnings about sensitive data exposure but does not require specific input sanitization for logs, which is standard for a methodology guide.
Audit Metadata