skills/danielmiessler/lifeos/System/Gen Agent Trust Hub

System

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The WorkContextRecall and DocumentSession workflows analyze session transcripts and project files, creating an indirect prompt injection surface.
  • Ingestion points: Session logs located in ~/.claude/projects/ and project artifacts in MEMORY/ (Workflows/DocumentRecent.md, Workflows/WorkContextRecall.md).
  • Boundary markers: Absent; the skill does not use specific delimiters or instructions to prevent the agent from obeying commands embedded in the ingested text.
  • Capability inventory: The skill can execute shell commands (git, grep, find), write new files to the system via CreateUpdate.ts, and perform network notifications (Workflows/IntegrityCheck.md).
  • Sanitization: Absent; ingested content is processed directly for AI synthesis without escaping or validation.
  • [COMMAND_EXECUTION]: The skill performs numerous shell-based operations for system health monitoring and repository management, utilizing tools like git, grep, find, and the bun runtime.
  • [SAFE]: The network requests observed are curl commands directed to localhost:8888 for status notifications. Since localhost is a whitelisted domain, this does not constitute a data exfiltration risk.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 30, 2026, 03:34 PM
Security Audit — agent-trust-hub — System