skills/cursor/plugins/poteto-mode/Gen Agent Trust Hub

poteto-mode

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill manages an indirect prompt injection surface through its 'Eval' and 'Forensics' playbooks.\n
  • Ingestion points: Accesses agent transcripts in agent-transcripts/ and profiling artifacts such as .cpuprofile and .heapsnapshot in playbooks/eval.md and playbooks/trace-forensics.md.\n
  • Boundary markers: Includes specific directives in playbooks/eval.md and playbooks/session-pickup.md to avoid crossing workspace boundaries by prohibiting globbing of ~/.cursor/projects/*/.\n
  • Capability inventory: Includes subagent spawning with specific types (poteto-agent), Git worktree management, and GitHub PR interactions in playbooks/opening-a-pr.md.\n
  • Sanitization: Employs environment and label sanitization for evaluation scenarios to prevent observer effects and ensure isolation.\n- [COMMAND_EXECUTION]: The skill performs standard developer operations using git and gh. It also utilizes CDP eval for runtime instrumentation in playbooks/runtime-forensics.md, which is a legitimate use of dynamic execution for debugging purposes.\n- [EXTERNAL_DOWNLOADS]: The 'Prototype' playbook in playbooks/prototype.md suggests using CDN-hosted dependencies for rapid UI exploration, which is consistent with benign prototyping practices.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 08:14 AM
Security Audit — agent-trust-hub — poteto-mode