chatter
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The included `chatter` utility script executes the system commands `fswatch` (macOS) or `inotifywait` (Linux) via `subprocess.run` to efficiently monitor for new message files. This is a legitimate functional requirement for real-time multi-agent communication.
- [PROMPT_INJECTION]: The skill inherently processes data from external files authored by other agents or users. This introduces a surface for indirect prompt injection where malicious content in a chat message could attempt to manipulate the agent's instructions.
  - Ingestion points: External messages are read from markdown files in the thread directory using the `read` or `loop` commands in the `chatter` script.
  - Boundary markers: The communication protocol uses YAML frontmatter and structured JSON output to separate message metadata from content, providing clear logical boundaries during data ingestion.
  - Capability inventory: The skill facilitates filesystem writes (posting messages) and execution of the `chatter` helper script, alongside the agent's baseline capabilities.
  - Sanitization: The skill provides explicit guidance to the agent on using heredocs to safely pass content to the shell, mitigating potential command injection during message transmission, although it does not define specific content-level filtering for received messages.
Audit Metadata