geo-sentinel
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions require the execution of shell scripts located in the environment at `workspace/scripts/code-debugger-task-bootstrap.sh` and `workspace/scripts/deliver-report.sh`. These scripts are not included in the skill package, and their logic cannot be verified during static analysis.
- [DATA_EXFILTRATION]: The skill includes a dedicated phase for 'Feishu Delivery', which involves copying generated forecast reports and sending them to an external communication platform (Feishu/Lark). While this is the intended functionality, it constitutes a data exfiltration vector for the analyzed intelligence.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its multi-round intelligence gathering process.
  - Ingestion points: Phase 1 involves multiple rounds of keyword searches across various web providers (Brave, Tavily, Zhipu, etc.), with raw results stored in `sources/raw/`.
  - Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions when the agent processes the `intel_packet` in Phase 2.
  - Capability inventory: The agent has the capability to execute shell scripts (`bash`) and perform network-based delivery to external services.
  - Sanitization: No sanitization or verification steps are defined for the external data before it is processed by the reasoning layer or the Python engine.
Audit Metadata