leaf-soul
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run the 'leaf profile' command to retrieve configuration from machine-global (~/.config/leaf/profile.md) and repository-local (.leaf/PROFILE.md) sources.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it directs the agent to adopt instructions found in repository-local configuration files (.leaf/PROFILE.md). If a user clones a repository containing a malicious profile, the agent may adopt unintended rules or behaviors. 1. Ingestion points: .leaf/PROFILE.md (repository-local file). 2. Boundary markers: Absent; the skill instructs the agent to apply these entries directly to its conduct. 3. Capability inventory: This skill primarily defines persona and reporting conduct; it does not define high-risk tools like arbitrary code execution or external network requests itself. 4. Sanitization: No validation or sanitization of the profile content is performed before the instructions are integrated into the agent's behavior.
Audit Metadata