monitor-aeo

Pass

Audited by Gen Agent Trust Hub on Jul 4, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection because it ingests untrusted external data, specifically operator-supplied JSON/CSV exports and content fetched from remote domains (llms.txt, robots.txt). A malicious actor could attempt to embed instructions in these files to influence the agent's analysis or reporting. This is mitigated by the 'ingest, don't infer' directive and the 'No fabricated evidence' quality gate.
  • [COMMAND_EXECUTION]: The skill uses local TypeScript scripts (manifest-sync.ts, bootstrap-experience.ts) to manage its data manifest and directory structure. These scripts use standard file system operations and do not execute untrusted commands or interact with sensitive system paths.
  • [EXTERNAL_DOWNLOADS]: The skill uses the WebFetch tool to retrieve documentation files like /llms.txt and /robots.txt from the subject domain being monitored. This is the intended primary purpose of the skill and is handled using neutral, procedural logic.
  • [DATA_EXFILTRATION]: While the skill possesses network capabilities (WebFetch) and file access (Read, Bash), its instructions and sub-agent prompts are focused exclusively on internal data processing and reporting within the specified project directories. No exfiltration patterns were observed.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 4, 2026, 10:16 PM
Security Audit — agent-trust-hub — monitor-aeo