ratchet
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using a local CLI tool (
ao) to verify, record, and check the status of workflow gates (e.g.,ao ratchet record). - [DATA_EXPOSURE]: The skill manages state by reading from and appending JSON data to a local project file located at
.agents/ao/chain.jsonl. This activity is restricted to local workflow metadata. - [INDIRECT_PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by reading task status from an external file (
.agents/ao/chain.jsonl). - Ingestion points: The skill reads the workflow history from
.agents/ao/chain.jsonlusingcatandtailinSKILL.md. - Boundary markers: None identified in the instructions for delimiting the processed JSON data.
- Capability inventory: The skill has the capability to execute shell commands via the
aoCLI and write to the local filesystem (SKILL.md). - Sanitization: There is no evidence of sanitization or validation of the JSON content before it is parsed or displayed by the agent.
Audit Metadata