update-mascots
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent and user to execute a local Python script (
update_mascots.py) which performs recursive file system operations, including walking directory trees, copying image files, and writing to configuration files (mkdocs.yml) and documentation (docs/list-mascots.md). - [DATA_EXPOSURE]: The script is configured to scan and read contents from all sibling directories within the
~/Documents/ws/path. This involves reading directory structures, image files, and project configuration files (mkdocs.yml,image-prompts.md) outside the primary repository's root. - [INDIRECT_PROMPT_INJECTION]: The skill contains an attack surface where instructions embedded in the processed sibling projects could influence agent behavior.
- Ingestion points: Reads
mkdocs.yml,image-prompts.md,README.md, and other documentation from sibling projects under~/Documents/ws/. - Boundary markers: None. The agent is instructed to read these files directly to author descriptive paragraphs.
- Capability inventory: The skill can write to the local filesystem (
docs/mascots/,mkdocs.yml) and execute Python code. - Sanitization: The script uses regular expressions to extract specific fields (names), but the agent is directed to use subject-domain judgment by reading the source files, creating a path for embedded content to affect the generated output.
Audit Metadata