Knowledge

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill heavily relies on shell commands for searching and archive maintenance. In the search command, user-provided arguments are interpolated directly into rg (ripgrep) calls (e.g., rg -i "$ARGUMENTS"). Without explicit sanitization or escaping, this pattern could lead to command injection if the underlying agent platform's shell execution bridge is vulnerable to argument splitting.
  • [EXTERNAL_DOWNLOADS]: The ingest command enables the retrieval of content from arbitrary external URLs using WebFetch or curl -sL. This functionality is used to populate the local knowledge base with remote data.
  • [PROMPT_INJECTION]: The ingest and 'ripple pass' workflow represents an indirect prompt injection surface. The skill fetches untrusted data from URLs or files and uses it to update a persistent knowledge archive. Malicious instructions or false claims embedded in these sources could influence the agent's long-term knowledge base or trigger unintended 'ripple' updates to other notes.
  • Ingestion points: ingest <url-or-file> function.
  • Boundary markers: None specified for isolating ingested content during processing.
  • Capability inventory: Subprocess execution (rg, bun), file-system writes, and network operations (curl).
  • Sanitization: No sanitization or validation of the fetched content is mentioned before it is integrated into the archive.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 30, 2026, 03:33 PM
Security Audit — agent-trust-hub — Knowledge