BeCreative

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes several shell commands to manage its operations. It logs activity to a local execution file at ~/.claude/PAI/MEMORY/SKILLS/execution.jsonl using echo. It also employs the llm CLI tool within technical workflows to query model endpoints for algorithmic solutions, and uses curl for local system notifications.
  • [DATA_EXFILTRATION]: The skill makes POST requests to http://localhost:31337/notify to provide status updates. These network operations are confined to the local host and do not involve data transmission to external or untrusted domains.
  • [PROMPT_INJECTION]: The synthetic data expansion feature in Workflows/SyntheticDataExpansion.md presents a surface for indirect prompt injection.
  • Ingestion points: The workflow processes an untrusted "Seed corpus" provided by the user to generate expanded datasets.
  • Boundary markers: The corpus is delimited using simple markdown headers (e.g., 'SEED CORPUS:'), which offer limited protection against instructions embedded within the data.
  • Capability inventory: The skill possesses the capability to write multiple files (JSON, JSONL, MD) to the local work directory and execute shell commands for notifications and logging.
  • Sanitization: No explicit logic is implemented to sanitize or filter the input examples to prevent them from influencing the agent's behavior during the multi-turn generation process.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 30, 2026, 03:34 PM
Security Audit — agent-trust-hub — BeCreative