palace-index-curator

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local Python scripts (e.g., scripts/memory_palace_cli.py) using the uv tool to perform curation tasks such as reporting and index promotion. This is a standard architectural pattern for this skill's intended purpose.
  • [PROMPT_INJECTION]: The skill implements a 'Surface' workflow that injects web-captured content into the session context via hooks/index_surfacer.py. This presents an indirect prompt injection risk, as the processed data originates from untrusted external sources.
  • Ingestion points: hooks/memory-palace-index.yaml (contains WebFetch and WebSearch markdown files).
  • Boundary markers: Absent; there are no specified delimiters or 'ignore' instructions for the surfaced external content.
  • Capability inventory: The skill possesses the ability to execute shell commands via uv run and write files to data/backups/.
  • Sanitization: Absent; the documentation does not indicate any filtering or escaping of the web-captured content before injection into the context.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 12:20 PM
Security Audit — agent-trust-hub — palace-index-curator