port-daddy
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill provides multiple mechanisms to execute shell commands as part of its coordination workflow. Tools such as
pd watch --exec,pd with-lock, and the 'fleet' background agent system are designed to run local scripts or commands in response to events like git commits or pub/sub messages. - [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface by allowing agents to share data (notes, tuples, and pheromones) that is subsequently ingested by other agents. This creates a vector where malicious or compromised agents could influence the behavior of others.
- Ingestion points: Agents ingest data from shared sources via
pd sitrep,pd notes,pd salvage,pd pheromone sniff, andpd tuple rd(as seen inSKILL.mdandschemas/mcp-tool-catalog.md). - Boundary markers: The instructions do not specify or recommend the use of delimiters or 'ignore' instructions when processing data originated from other agents.
- Capability inventory: The skill possesses significant capabilities including arbitrary command execution (
pd watch), background agent spawning (pd spawn), and the installation of git hooks (pd fleet init). - Sanitization: There is no evidence of sanitization, validation, or filtering of the content within notes or tuples before they are presented to or processed by other agents.
- [EXTERNAL_DOWNLOADS]: The
architecture.htmlfile fetches the Mermaid.js library from the well-knowncdn.jsdelivr.netservice. This is used neutrally to render architectural diagrams within the provided documentation and follows established safe practices for documentation assets.
Audit Metadata