proactive-agent

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains several instances of phrases like 'ignore previous instructions' and 'you are now...'. These are used exclusively as examples in defensive checklists within HEARTBEAT.md and security-patterns.md to teach the agent how to detect and mitigate malicious prompt injection attempts from external sources.
  • [COMMAND_EXECUTION]: The skill includes a 'Relentless Resourcefulness' protocol that encourages the agent to use CLI tools and attempt multiple approaches to solve tasks. It also provides a shell script, scripts/security-audit.sh, for users to manually audit the workspace for secrets and insecure permissions. These functions are part of the core utility of the skill and are accompanied by instructions to always confirm destructive actions with the human.
  • [SAFE]: The skill implements a robust security architecture, including the WAL (Write-Ahead Log) protocol for state persistence and a specific policy for vetting external skills and agent networks to prevent data harvesting.
  • [DATA_EXFILTRATION]: While the skill is designed to process external data such as emails and websites, it explicitly instructs the agent to treat this content as data rather than commands. There are no automated network-send operations targeting non-whitelisted domains for data exfiltration.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 18, 2026, 01:02 AM
Security Audit — agent-trust-hub — proactive-agent