resonera
Warn
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script, compact_artifact.py, to manage the DECISIONS.md file. The command is constructed using environment variables (AGENTERA_HOME or CLAUDE_PLUGIN_ROOT) to locate the script. This represents dynamic execution of a command string built from environment-derived paths.
- [DATA_EXFILTRATION]: The skill reads the user's decision profile (PROFILE.md) from platform-specific data directories (XDG_DATA_HOME, AppData, etc.). While no network exfiltration was detected, accessing these sensitive paths constitutes a data exposure surface within the agent's context.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection, as it ingests untrusted data from the user's deliberation topic and the PROFILE.md file to drive its Socratic questioning process. This data is subsequently written to project artifacts.
  - Ingestion points: the deliberation topic (user input), PROFILE.md (external file), and existing project artifacts (DECISIONS.md, VISION.md).
  - Boundary markers: the skill employs structural headers and container dividers (e.g., "── scratchpad") to organize its reasoning and output.
  - Capability inventory: performs file writes to multiple project artifacts (DECISIONS.md, VISION.md, OBJECTIVE.md, TODO.md) and executes a Python script via subprocess.
  - Sanitization: there is no evidence of sanitization, escaping, or validation of the ingested data before it is interpolated into prompts or written to files.
Audit Metadata