Knowledge
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill heavily relies on shell commands for searching and archive maintenance. In the
searchcommand, user-provided arguments are interpolated directly intorg(ripgrep) calls (e.g.,rg -i "$ARGUMENTS"). Without explicit sanitization or escaping, this pattern could lead to command injection if the underlying agent platform's shell execution bridge is vulnerable to argument splitting. - [EXTERNAL_DOWNLOADS]: The
ingestcommand enables the retrieval of content from arbitrary external URLs usingWebFetchorcurl -sL. This functionality is used to populate the local knowledge base with remote data. - [PROMPT_INJECTION]: The
ingestand 'ripple pass' workflow represents an indirect prompt injection surface. The skill fetches untrusted data from URLs or files and uses it to update a persistent knowledge archive. Malicious instructions or false claims embedded in these sources could influence the agent's long-term knowledge base or trigger unintended 'ripple' updates to other notes. - Ingestion points:
ingest <url-or-file>function. - Boundary markers: None specified for isolating ingested content during processing.
- Capability inventory: Subprocess execution (rg, bun), file-system writes, and network operations (curl).
- Sanitization: No sanitization or validation of the fetched content is mentioned before it is integrated into the archive.
Audit Metadata