show-me-your-work

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes a local shell script (scripts/log.sh) for logging. The script implements defensive measures by sanitizing inputs and escaping characters that could be interpreted as formulas in spreadsheet applications, mitigating potential CSV injection.
  • [DATA_EXPOSURE]: The instructions guide the agent to review its own transcripts for auditing but strictly prohibit accessing files outside the active project context, protecting user privacy.
  • [PROMPT_INJECTION]: A cross-model review pattern is described which involves a secondary agent reading log data. While this is an ingestion point for potentially untrusted data, the risk of indirect prompt injection is addressed through input sanitization and a structured data format.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 05:21 AM
Security Audit — agent-trust-hub — show-me-your-work