unseen-servant
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data such as inbox items and repository metadata during routine maintenance. This creates a surface for instructions embedded in that data to influence agent behavior. * Ingestion points: Project files, code branches, and inbox content (SKILL.md). * Boundary markers: Procedure requires establishing success conditions and no-touch boundaries before action. * Capability inventory: Potential for file system operations and network access related to dependency management. * Sanitization: Mitigation relies on human confirmation gates and activity logging rather than technical input sanitization.
- [PERSISTENCE_MECHANISMS]: The skill's primary function is to create a persistent background agent loop. To mitigate risks associated with unauthorized persistence, the instructions include a mandatory activity log and a user-controlled dismiss mechanism.
- [COMMAND_EXECUTION]: The automation of tasks like dependency updates and log rotation involves shell command execution. The skill includes a guardrail requiring explicit confirmation before live actions that touch system boundaries.
Audit Metadata