client-update
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions specify shell commands such as 'mkdir', 'zip', and 'cp' that include placeholders like '[files]' and '[PROJECT]'. If the agent interpolates untrusted user input or malicious file system names into these commands without rigorous shell escaping, it could lead to arbitrary command execution on the host system.
- [CREDENTIALS_UNSAFE]: The SKILL.md file contains hardcoded personally identifiable information (PII), specifically a client email address ('cynthia.debriey@gmail.com') and a WhatsApp phone number ('50763807634@c.us') within the workflow steps and project-specific configurations.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection due to its processing of local project files before communicating externally. (1) Ingestion points: Local files located at '~/projects/' and user-provided asset names. (2) Boundary markers: No explicit delimiters or instructions are provided to the agent to treat file content as untrusted or to ignore embedded instructions. (3) Capability inventory: Shell command execution ('zip', 'cp'), email transmission ('mcp__gmail__send_email'), and WhatsApp messaging ('mcp__periskope-whatsapp__periskope_send_message'). (4) Sanitization: There is no evidence of input validation or content sanitization performed on the files or metadata before they are processed or transmitted.
Audit Metadata