client-update

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions specify shell commands such as 'mkdir', 'zip', and 'cp' that include placeholders like '[files]' and '[PROJECT]'. If the agent interpolates untrusted user input or malicious file system names into these commands without rigorous shell escaping, it could lead to arbitrary command execution on the host system.
  • [CREDENTIALS_UNSAFE]: The SKILL.md file contains hardcoded personally identifiable information (PII), specifically a client email address ('cynthia.debriey@gmail.com') and a WhatsApp phone number ('50763807634@c.us') within the workflow steps and project-specific configurations.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection due to its processing of local project files before communicating externally. (1) Ingestion points: Local files located at '~/projects/' and user-provided asset names. (2) Boundary markers: No explicit delimiters or instructions are provided to the agent to treat file content as untrusted or to ignore embedded instructions. (3) Capability inventory: Shell command execution ('zip', 'cp'), email transmission ('mcp__gmail__send_email'), and WhatsApp messaging ('mcp__periskope-whatsapp__periskope_send_message'). (4) Sanitization: There is no evidence of input validation or content sanitization performed on the files or metadata before they are processed or transmitted.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 11:30 AM
Security Audit — agent-trust-hub — client-update