source-command-track-mentions

Pass

Audited by Gen Agent Trust Hub on May 26, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it reads and processes data from external, untrusted sources which could contain malicious instructions.\n
  • Ingestion points: Untrusted data enters the agent context via Perplexity search results, WebSearch queries, and WebFetch operations on candidate URLs as defined in Step 2.\n
  • Boundary markers: There are no explicit instructions or delimiters used to isolate the external content or warn the agent to ignore any embedded instructions within the fetched text.\n
  • Capability inventory: The skill has the capability to write to local files (docs/media-mentions/mentions.yaml) and execute shell commands via git as described in Steps 5 and 8.\n
  • Sanitization: The skill does not implement explicit sanitization of the fetched data; it relies on the model to infer fields like platform and date from the retrieved snippets.\n- [COMMAND_EXECUTION]: The skill executes local git commands to persist updates to the mentions tracker.\n
  • Evidence: Step 8 includes a bash block to run git add and git commit to save the changes made to the documentation directory.
Audit Metadata
Risk Level
SAFE
Analyzed
May 26, 2026, 10:40 AM
Security Audit — agent-trust-hub — source-command-track-mentions