person-lookup

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [SAFE]: No malicious patterns, persistence mechanisms, or credential theft attempts were detected. The skill's operations are transparent and consistent with its stated purpose of researching person backgrounds.
  • [COMMAND_EXECUTION]: The skill uses the orth run command to invoke external APIs. It correctly encapsulates search parameters within JSON payloads to prevent command injection vulnerabilities.
  • [PROMPT_INJECTION]: The skill ingests data from external person-research services, creating an indirect prompt injection surface as outlined in Category 8.
  • Ingestion points: Results from API calls to the nyne and fiber tools as defined in SKILL.md.
  • Boundary markers: Absent; external data is presented directly to the agent's context.
  • Capability inventory: Shell command execution via orth run (SKILL.md).
  • Sanitization: No explicit validation or filtering of the retrieved profile data is specified.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 04:55 AM
Security Audit — agent-trust-hub — person-lookup