harvest
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local commands using the `ao` CLI utility (e.g., `ao harvest`, `ao dedup`, `ao metrics`) to perform file system operations, deduplication, and metadata reporting.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of ingesting and promoting untrusted data.
  - Ingestion points: The `ao harvest` command recursively scans `.agents/` directories within user-specified roots like `~/gt/` and `~/projects/` as described in SKILL.md.
  - Boundary markers: There is no evidence of boundary markers, delimiters, or instructions to ignore embedded instructions within the extracted artifacts.
  - Capability inventory: Artifacts are promoted to a global hub (`~/.agents/learnings/`) which is then intended for injection into future agent sessions via tools like `ao inject`, potentially propagating malicious instructions.
  - Sanitization: No sanitization or validation of the content of the 'learnings' or 'patterns' is performed beyond a confidence score calculation.
Audit Metadata