poteto-mode
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill manages an indirect prompt injection surface through its 'Eval' and 'Forensics' playbooks.\n
- Ingestion points: Accesses agent transcripts in
agent-transcripts/and profiling artifacts such as.cpuprofileand.heapsnapshotinplaybooks/eval.mdandplaybooks/trace-forensics.md.\n - Boundary markers: Includes specific directives in
playbooks/eval.mdandplaybooks/session-pickup.mdto avoid crossing workspace boundaries by prohibiting globbing of~/.cursor/projects/*/.\n - Capability inventory: Includes subagent spawning with specific types (
poteto-agent), Git worktree management, and GitHub PR interactions inplaybooks/opening-a-pr.md.\n - Sanitization: Employs environment and label sanitization for evaluation scenarios to prevent observer effects and ensure isolation.\n- [COMMAND_EXECUTION]: The skill performs standard developer operations using
gitandgh. It also utilizesCDP evalfor runtime instrumentation inplaybooks/runtime-forensics.md, which is a legitimate use of dynamic execution for debugging purposes.\n- [EXTERNAL_DOWNLOADS]: The 'Prototype' playbook inplaybooks/prototype.mdsuggests using CDN-hosted dependencies for rapid UI exploration, which is consistent with benign prototyping practices.
Audit Metadata