update-mascots

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent and user to execute a local Python script (update_mascots.py) which performs recursive file system operations, including walking directory trees, copying image files, and writing to configuration files (mkdocs.yml) and documentation (docs/list-mascots.md).
  • [DATA_EXPOSURE]: The script is configured to scan and read contents from all sibling directories within the ~/Documents/ws/ path. This involves reading directory structures, image files, and project configuration files (mkdocs.yml, image-prompts.md) outside the primary repository's root.
  • [INDIRECT_PROMPT_INJECTION]: The skill contains an attack surface where instructions embedded in the processed sibling projects could influence agent behavior.
  • Ingestion points: Reads mkdocs.yml, image-prompts.md, README.md, and other documentation from sibling projects under ~/Documents/ws/.
  • Boundary markers: None. The agent is instructed to read these files directly to author descriptive paragraphs.
  • Capability inventory: The skill can write to the local filesystem (docs/mascots/, mkdocs.yml) and execute Python code.
  • Sanitization: The script uses regular expressions to extract specific fields (names), but the agent is directed to use subject-domain judgment by reading the source files, creating a path for embedded content to affect the generated output.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 05:47 PM
Security Audit — agent-trust-hub — update-mascots