Daemon

Warn

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill is architected to read sensitive user data from private directories (TELOS, KNOWLEDGE, MEMORY/WORK, PRINCIPAL_IDENTITY) and publish it to public repositories and web endpoints. Specifically, UpdateDaemon.md copies aggregated content to ~/Projects/daemon/ and executes a git push to a public repository. Although SecurityFilter.ts performs regex-based redaction, this mechanism is prone to bypass by encoded values or by variations the patterns do not match, presenting a risk of leaking private information.
  • [COMMAND_EXECUTION]: The skill relies on shell command execution for its core functionality. It uses bun to execute local TypeScript tools, git for repository synchronization, and cp for file operations. Additionally, SKILL.md triggers a background curl request to localhost:31337 for voice notifications.
  • [EXTERNAL_DOWNLOADS]: The DeployDaemon workflow executes bun install within the Mcp directory. This results in the download and installation of external Node.js dependencies from public registries during the deployment process.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. The UpdateDaemon and ReadDaemon workflows involve the agent reading, summarizing, and displaying content from user-controlled files (TELOS, KNOWLEDGE, etc.). If these files contain malicious instructions, they could influence the agent's actions while it processes the data.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 2, 2026, 01:03 AM