Skills
skills/software-mansion/argent/argent-metro-debugger/Gen Agent Trust Hub

argent-metro-debugger

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The debugger-evaluate tool permits the agent to execute JavaScript code directly within the running application's environment. This is a standard feature for runtime debugging and state inspection.
  • [COMMAND_EXECUTION]: The skill provides instructions for using shell commands such as adb reverse for port forwarding and npx commands for launching the Metro development server.
  • [PROMPT_INJECTION]: The skill ingests untrusted console log data, which constitutes a potential surface for indirect prompt injection.
  • Ingestion points: Application logs are accessed through the debugger-log-registry tool and flat file searches.
  • Boundary markers: Log entries are structured with unique anchors and delimiters to separate metadata from message content.
  • Capability inventory: JavaScript evaluation, application process management, and shell command execution.
  • Sanitization: Absent; the workflow relies on scoped searching (grep) rather than direct bulk ingestion of unvalidated content.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 10:26 PM