skills/danielmiessler/lifeos/ISA/Gen Agent Trust Hub

ISA

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute a background shell command (curl) to a local notification service at http://localhost:31337/notify whenever a workflow is invoked. This appears to be a local instrumentation for the user's environment.
  • [PROMPT_INJECTION]: The Seed workflow (Workflows/Seed.md) identifies an attack surface for indirect prompt injection. The skill ingests content from external sources to bootstrap project documentation.
  • Ingestion points: Workflows/Seed.md reads untrusted data from local repository files, including README.md, package.json, tsconfig.json, wrangler.toml, vite.config.*, and git commit history.
  • Boundary markers: The workflow does not explicitly instruct the agent to use delimiters or 'ignore' instructions when processing the content of these files.
  • Capability inventory: The skill has the capability to write and edit files in the workspace and execute shell commands (curl, git, wc).
  • Sanitization: There are no instructions provided for sanitizing or validating the ingested file content before it is incorporated into the new ISA artifact.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 30, 2026, 03:33 PM
Security Audit — agent-trust-hub — ISA