afk-exploration
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The orchestrator manages research artifacts using file system operations such as directory creation (
mkdir -p), file listing (ls), and system time calculation (date +%s). Subagents analyze the codebase using file read and search tools. - [EXTERNAL_DOWNLOADS]: Research subagents are authorized to perform web searches and access online documentation to gather data from external sources.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection (Category 8). Ingestion points: Data from the codebase (via read/grep) and web search results are ingested into subagent prompts. Boundary markers: Instructions do not define specific delimiters for untrusted data. Capability inventory: Subagents have network access and file read capabilities, while the orchestrator handles file system management. Sanitization: Content from external sources is interpolated directly into prompts without escaping or validation.
Audit Metadata