systematic-debug
Warn
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill instructs the agent to 'diff .env files' to identify environment discrepancies. Since .env files are standard locations for secrets and API keys, this instruction facilitates the exposure of sensitive credentials in the session context.
- [COMMAND_EXECUTION]: The framework uses the
Bashtool for various diagnostic tasks, such as listing packages (npm ls, pip freeze), retrieving system info (uname -a), and performing git bisect operations. - [PROMPT_INJECTION]: The skill is designed to process untrusted external data, including stack traces and log files like app.log. This creates a vulnerability to indirect prompt injection.
- Ingestion points: The agent is triggered by user-supplied logs and stack traces and specifically reads local log files.
- Boundary markers: There are no delimiters or markers used to separate untrusted data from the agent's instructions.
- Capability inventory: The combination of file reading, grep, and Bash tools allows for significant system interaction that could be abused via malicious log content.
- Sanitization: The skill does not define any procedures for sanitizing or validating the input data before processing.
Audit Metadata