skills/akillness/jeo-skills/ooo/Gen Agent Trust Hub

ooo

Pass

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the installation of its primary components from external sources, including the 'ouroboros-ai' Python package via pip and a specific skill bundle from the author's GitHub repository ('akillness/jeo-skills') via npx. These are legitimate installation steps for the described toolset.
  • [COMMAND_EXECUTION]: Operation of the workflow relies on executing the 'ouroboros' CLI tool through the Bash tool for tasks such as initialization, workflow execution, and monitoring the Textual-based TUI.
  • [PROMPT_INJECTION]: The skill features an indirect prompt injection surface as it ingests untrusted user input during the 'Socratic interview' phase (SKILL.md) to generate a 'seed.yaml' specification. This specification then dictates subsequent agent actions and implementations. While no specific boundary markers or sanitization logic is described to mitigate malicious input, this behavior is central to the tool's intended purpose of automated specification-driven development. Capability inventory includes subprocess execution (Bash), file writing (Write), and agent delegation (Agent).
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 3, 2026, 06:40 AM
Security Audit — agent-trust-hub — ooo