BeCreative
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes several shell commands to manage its operations. It logs activity to a local execution file at
~/.claude/PAI/MEMORY/SKILLS/execution.jsonlusingecho. It also employs thellmCLI tool within technical workflows to query model endpoints for algorithmic solutions, and usescurlfor local system notifications. - [DATA_EXFILTRATION]: The skill makes POST requests to
http://localhost:31337/notifyto provide status updates. These network operations are confined to the local host and do not involve data transmission to external or untrusted domains. - [PROMPT_INJECTION]: The synthetic data expansion feature in
Workflows/SyntheticDataExpansion.mdpresents a surface for indirect prompt injection. - Ingestion points: The workflow processes an untrusted "Seed corpus" provided by the user to generate expanded datasets.
- Boundary markers: The corpus is delimited using simple markdown headers (e.g., 'SEED CORPUS:'), which offer limited protection against instructions embedded within the data.
- Capability inventory: The skill possesses the capability to write multiple files (JSON, JSONL, MD) to the local work directory and execute shell commands for notifications and logging.
- Sanitization: No explicit logic is implemented to sanitize or filter the input examples to prevent them from influencing the agent's behavior during the multi-turn generation process.
Audit Metadata