agentic-os
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Full Analysis
- [PERSISTENCE_MECHANISMS]: The skill provides detailed templates and instructions for establishing long-term persistence using macOS LaunchAgents, Linux systemd timers, and pm2. These configurations are designed to automatically execute the agent's CLI on a schedule to perform recurring tasks like daily syncs and status updates.
- [INDIRECT_PROMPT_INJECTION]: The architecture defines a data ingestion surface through an 'inbox' directory (data/inbox/) intended for external tasks and ideas. Processing untrusted content from this directory presents an indirect prompt injection risk.
  - Ingestion points: data/inbox/ (SKILL.md)
  - Boundary markers: Absent; templates do not include specific delimiters or warnings to ignore embedded instructions in data files.
  - Capability inventory: The framework grants specialist agents full filesystem access, git operation capabilities, and test runner access (SKILL.md).
  - Sanitization: Absent; the guide does not include instructions for sanitizing or validating the content of ingested files before they are processed by agents.
Audit Metadata