skills/duyet/claude-plugins/dream/Gen Agent Trust Hub

dream

Pass

Audited by Gen Agent Trust Hub on Jun 25, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes data from untrusted external sources and integrates it into the knowledge base.
  • Ingestion points: Untrusted data enters the agent context from files in the raw/inbox/ directory (Step 3) and from external content fetched via URLs in the sources: metadata field (Step 8).
  • Boundary markers: The instructions do not define delimiters or specific warnings to prevent the agent from following instructions embedded within the ingested data.
  • Capability inventory: The skill performs file reads, writes, and deletions across the KB directory and executes network requests to fetch remote content.
  • Sanitization: There is no evidence of sanitization or validation of the ingested content before it is used to update or merge notes.
  • [EXTERNAL_DOWNLOADS]: The skill performs network operations to retrieve data from URLs defined in a note's metadata.
  • Evidence: Step 8 (Refresh from sources) explicitly instructs the agent to fetch content from remote URLs, such as llms.txt files, when a note is considered stale.
  • [COMMAND_EXECUTION]: The skill's core functionality involves managing the local file system within the KB path.
  • Evidence: Steps 3 through 12 involve multiple file system operations, including reading note content, writing merged or split notes, and deleting processed inbox files or pruned notes.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 25, 2026, 04:44 PM
Security Audit — agent-trust-hub — dream