skills/av/mi/self/Gen Agent Trust Hub

self

Warn

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructions direct the agent to read ~/.mi/config.json, which is explicitly documented as the storage location for the OPENAI_API_KEY and other sensitive environment variables.
  • [COMMAND_EXECUTION]: The skill provides procedures and code examples for the agent to write new JavaScript files to its tool directory and execute them using the spawn global function to run shell processes.
  • [REMOTE_CODE_EXECUTION]: The "Writing new tools" section enables the agent to generate and hot-load arbitrary JavaScript modules at runtime, providing a mechanism for executing generated code that can interact with the host system.
  • [PROMPT_INJECTION]: The skill describes an architecture vulnerable to indirect prompt injection.
  • Ingestion points: Untrusted data is ingested from AGENTS.md files in the repository root or current directory.
  • Boundary markers: No delimiters or instructions to ignore embedded commands are present when reading these files.
  • Capability inventory: The agent possesses high-privilege capabilities including reading credentials, writing files, and executing shell commands.
  • Sanitization: External content from repository files is treated as ground truth without validation or escaping before being processed.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 16, 2026, 06:33 PM
Security Audit — agent-trust-hub — self