checkpoint

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's primary function is to perform local state management. It instructs the agent to gather analysis context and write it to plans/reports/checkpoint-{timestamp}-{slug}.md. This is a standard operational practice for agents handling complex tasks.
  • [DATA_EXFILTRATION]: While the skill reads project configuration files (e.g., docs/project-config.json) and task context, it does so for legitimate local processing. No evidence of network transmission or exfiltration to external domains was found.
  • [COMMAND_EXECUTION]: The skill references environment-specific CLI aliases and tools (such as $project-init, $scan, and date) to facilitate project setup and file naming. These commands are part of the intended development environment and do not constitute arbitrary or malicious command execution.
  • [PROMPT_INJECTION]: The instructions include behavioral directives such as 'Ignore Claude-specific mode-switch instructions' and 'Subagent authorization'. These are framed as compatibility notes for the Codex platform and operational rules for tool usage rather than adversarial attempts to bypass safety filters or exfiltrate data.
  • [DATA_EXPOSURE]: The skill processes analysis findings and file references to create checkpoints. This establishes a surface for Indirect Prompt Injection (Category 8) where malicious data in analyzed files could influence the checkpoint's content. However, given the local-only nature of the file writes and the utility's intended purpose, this risk is minimal and consistent with typical agent operation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 07:35 PM
Security Audit — agent-trust-hub — checkpoint