sherlock-debugging
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides local shell scripts (sherlock-debug.sh, eliminate-impossible.sh, observe-dont-see.sh) for automating debugging tasks. These scripts manage local file system operations such as creating case directories and generating markdown reports based on user logs.
- [DATA_EXFILTRATION]: Analysis of the skill's scripts and instructions confirms that no network communication or external data transmission logic is present. All operations are confined to the local environment.
- [PROMPT_INJECTION]: The skill ingests untrusted data sources like application logs for analysis, which represents a potential attack surface for indirect prompt injection. However, the instructions include specific defensive guardrails that prioritize objective observation and logical verification to mitigate the risk of following instructions embedded within processed data.
- [SAFE]: No obfuscation, hardcoded credentials, or malicious persistence mechanisms were detected. The skill's functionality is consistent with its stated purpose of providing a structured debugging methodology.
Audit Metadata