paper-know-journal

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to fetch and process data from unmoderated third-party sources like Reddit, X/Twitter, and various forums, which could contain malicious instructions (File: SKILL.md, references/source-policy.md).
  • Ingestion points: Community feedback and social media posts are ingested into the agent context.
  • Boundary markers: Absent; there are no instructions to encapsulate external content or ignore embedded instructions within it.
  • Capability inventory: The skill can execute local scripts, write to the filesystem, and upload data to a remote repository via the GitHub CLI.
  • Sanitization: No sanitization or validation of external content is described.
  • [COMMAND_EXECUTION]: Subprocess Execution. The skill executes its own Python scripts (init_workspace.py, validate_report.py) and utilizes the system gh (GitHub CLI) tool for reporting bugs and managing the workspace (File: SKILL.md, README.md).
  • [DATA_EXFILTRATION]: Remote Data Transmission. The skill can transmit local data from ~/.bensz-skills/bugs/ to the vendor's repository huangwb8/bensz-bugs on GitHub. This action is conditional and triggered by explicit user request (File: SKILL.md).
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 21, 2026, 02:37 PM
Security Audit — agent-trust-hub — paper-know-journal