Skills
skills/hmbown/wizards-of-the-ghosts/dream/Gen Agent Trust Hub

dream

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the curl binary to perform network requests to the Slack API.
  • [DATA_EXFILTRATION]: The skill transmits summarized briefings to an external Slack workspace using a provided API token.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection when processing external content.
  • Ingestion points: The skill ingests "overnight inputs" from external sources (SKILL.md).
  • Boundary markers: No explicit delimiters or isolation instructions are provided to separate untrusted inputs from the agent's instructions.
  • Capability inventory: The skill uses curl to interact with the Slack API's chat.scheduleMessage method (SKILL.md).
  • Sanitization: There are no instructions to sanitize, validate, or filter the external data before it is processed.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 02:30 AM
Security Audit — agent-trust-hub — dream