bot-status
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill employs standard shell commands (`ls`, `cat`, `curl`, `sqlite3`, `du`, `wc`) to inspect the local filesystem and verify service availability. All operations are confined to the bot's workspace and application-specific directories.
- [DATA_EXFILTRATION]: The skill reads from application configuration files (`.pi/settings.json`) and database files (`.pi/db/aivena.db`). It implements security best practices by requiring read-only database access and strictly masking sensitive credentials to prevent exposure in the generated report.
- [PROMPT_INJECTION]: The skill aggregates data from several internal sources that may contain user-controlled content, creating a potential surface for indirect prompt injection.
  - Ingestion points: Processes content from `MEMORY.md`, CRM contact lists, calendar events, and task descriptions.
  - Boundary markers: Absent; the instructions do not specify the use of delimiters or 'ignore' instructions for the ingested text.
  - Capability inventory: The agent has access to shell command execution and local database querying tools.
  - Sanitization: No explicit sanitization or input validation is mentioned for the data retrieved from the various subsystems.
Audit Metadata