briefing-note
Warn
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: MEDIUM | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple local binaries (`econstack-update-check`, `econstack-learnings-read`, `econstack-learnings-log`) silently during the initialization and completion phases. This concealment prevents the user from monitoring the specific shell commands being run.
- [COMMAND_EXECUTION]: The skill uses `eval` to execute the output of the `econstack-slug` binary. This dynamic execution pattern allows the skill to generate and run arbitrary shell commands at runtime, which is a significant security risk if the local binary's behavior is manipulated.
- [EXTERNAL_DOWNLOADS]: The instructions explicitly suggest that the user perform a `git pull` from a remote repository to update the toolset, introducing external code into the local environment.
- [PROMPT_INJECTION]: The skill instructs the agent to 'run this silently' and 'never stop to ask' about various parameters and data sources. This minimizes user oversight and limits the agent's ability to seek clarification on potentially ambiguous or unsafe instructions.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests data from `WebSearch` and `WebFetch` to populate the briefing notes without applying boundary markers or sanitization.
  - Ingestion points: External data from web searches and fetches are used to construct the 'Analysis' section in `SKILL.md`.
  - Boundary markers: None are defined to separate untrusted external content from the agent's instructions.
  - Capability inventory: The agent can perform powerful operations using `Bash`, `Write`, and other tools.
  - Sanitization: No validation or escaping of external content is performed before processing.