skills/danielmiessler/lifeos/Ideate/Gen Agent Trust Hub

Ideate

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Every workflow file (Dream.md, FullCycle.md, Mate.md, QuickCycle.md, Steal.md, Test.md) includes instructions to execute curl commands. These commands perform POST requests to http://localhost:31337/notify to provide local status notifications.
  • [COMMAND_EXECUTION]: The skill maintains an execution log by appending JSON-formatted entries to ~/.claude/PAI/MEMORY/SKILLS/execution.jsonl using the echo command and shell redirection at the conclusion of each workflow.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of ingesting and iteratively processing untrusted external data.
  • Ingestion points: Untrusted content enters the system during the CONSUME and STEAL phases, which invoke the Research skill to gather information from external domains and patterns (Workflows/FullCycle.md, Workflows/Steal.md).
  • Boundary markers: The instructions do not define the use of delimiters or 'ignore' instructions when presenting researched data to subsequent agent phases (DREAM, MATE, etc.).
  • Capability inventory: The system can perform network requests (curl), file writes (echo), and invoke various other skills and tools.
  • Sanitization: There is no evidence of sanitization, validation, or escaping of the external content before it is interpolated into agent prompts throughout the evolutionary loop.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 30, 2026, 03:34 PM
Security Audit — agent-trust-hub — Ideate