paper-know-journal
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to fetch and process data from unmoderated third-party sources like Reddit, X/Twitter, and various forums, which could contain malicious instructions (File:
SKILL.md,references/source-policy.md). - Ingestion points: Community feedback and social media posts are ingested into the agent context.
- Boundary markers: Absent; there are no instructions to encapsulate external content or ignore embedded instructions within it.
- Capability inventory: The skill can execute local scripts, write to the filesystem, and upload data to a remote repository via the GitHub CLI.
- Sanitization: No sanitization or validation of external content is described.
- [COMMAND_EXECUTION]: Subprocess Execution. The skill executes its own Python scripts (
init_workspace.py,validate_report.py) and utilizes the systemgh(GitHub CLI) tool for reporting bugs and managing the workspace (File:SKILL.md,README.md). - [DATA_EXFILTRATION]: Remote Data Transmission. The skill can transmit local data from
~/.bensz-skills/bugs/to the vendor's repositoryhuangwb8/bensz-bugson GitHub. This action is conditional and triggered by explicit user request (File:SKILL.md).
Audit Metadata