agent-pulse
Pass
Audited by Gen Agent Trust Hub on May 29, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on executing the `agent-pulse` CLI tool to gather metrics and perform diagnostics. A helper script `scripts/run_agent_pulse_snapshot.py` uses the Python `subprocess` module to run multiple subcommands and aggregate JSON results.
- [EXTERNAL_DOWNLOADS]: The skill instructions direct the user to install the `agentpulse-cli` package from PyPI and optional web-related extras using `pip`.
- [DATA_EXFILTRATION]: The tool can start local web (`agent-pulse web`) and API (`agent-pulse api`) servers on ports 8765 and 8766. While intended for local access, these features expose agent session logs and metrics over the network. The skill also reads potentially sensitive historical activity logs from various third-party AI agents.
- [PROMPT_INJECTION]: The skill processes logs from multiple external agents, creating an indirect prompt injection surface where malicious content within ingested logs could attempt to influence the agent's behavior.
  - Ingestion points: Reads agent logs via subcommands such as `search`, `status`, and `top` as defined in `SKILL.md`.
  - Boundary markers: None identified; there are no explicit instructions to disregard or sanitize commands found within log content.
  - Capability inventory: Shell command execution in `SKILL.md` and `scripts/run_agent_pulse_snapshot.py` (via `subprocess.run`).
  - Sanitization: None; the agent summarizes raw CLI output which may contain content from external logs.
Audit Metadata