bookkeeping
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/bookkeeping.pyand its test suite usesubprocess.runto execute Python commands and interact with a related local utility script (kg.py). These executions are performed using an argument list rather than a shell string, which reduces the risk of command injection. - [PROMPT_INJECTION]: The
SKILL.mdcontains a "Reflexive Trigger Rule" that explicitly instructs the agent to capture knowledge and update the graph without asking for user permission. This instruction is designed to override the agent's typical behavior of requesting confirmation for file operations to ensure an efficient "auto-save" workflow for knowledge documentation.
Audit Metadata