Oathe Security Badge

Is awesome_agent_skills/debugger safe?

https://github.com/Shubhamsaboo/awesome-llm-apps/tree/main/awesome_agent_skills/debugger

94
SAFE

This is a legitimate debugging skill that provides systematic debugging methodologies, code examples, and best practices. The skill content is clean with no prompt injection attempts, malicious code execution, or data exfiltration instructions. Canary file access during the audit appears to be system-related rather than skill-initiated.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (2)

INFO Canary file access detected during session -10

Monitoring detected access to sensitive canary files (.env, SSH keys, AWS credentials, etc.) during the audit session. However, this appears to be related to system authentication processes rather than skill behavior, as evidenced by the timing correlation with SSH and sudo operations. No actual exfiltration occurred.

INFO Debugging guidance could lead to information exposure -10

The skill provides legitimate debugging methodologies that could potentially guide users to expose sensitive information through logging or debugging output. However, this would require explicit user action and the skill itself makes no malicious requests.