Knowledge

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
[PROMPT_INJECTION] [COMMAND_EXECUTION] [EXTERNAL_DOWNLOADS]
Full Analysis
  • [PROMPT_INJECTION]: The skill implements an ingest command that fetches and processes content from user-provided URLs or local files. This is an Indirect Prompt Injection surface: malicious instructions embedded in the ingested content could influence the agent's behavior during the classification, summarization, or 'ripple update' phases.
      • Ingestion points: The ingest <url-or-file> command (Step 1) fetches content from external sources.
      • Boundary markers: The skill does not define explicit boundary markers or instructions to ignore embedded commands within the fetched content.
      • Capability inventory: The skill can execute local tools via bun, write to the KNOWLEDGE/ directory, run searches via rg, and perform network fetches via curl.
      • Sanitization: There is no evidence of content sanitization or validation before the agent processes the external data.
  • [COMMAND_EXECUTION]: The skill frequently executes shell commands and local TypeScript tools as part of its core functionality.
      • Runs several scripts via bun: KnowledgeHarvester.ts, KnowledgeGraph.ts, MemoryRetriever.ts, and SessionHarvester.ts.
      • Uses rg (ripgrep) to search the markdown files in the ~/.claude/PAI/MEMORY/KNOWLEDGE/ directory based on user-supplied arguments.
  • [EXTERNAL_DOWNLOADS]: The ingest command performs network operations to retrieve external content.
      • It uses curl -sL as a fallback to fetch data from user-provided URLs if the primary fetch tool fails.
Audit Metadata
Risk Level: SAFE
Analyzed: May 2, 2026, 01:03 AM