skills/joyco-studio/skills/joyco-logs/Gen Agent Trust Hub

joyco-logs

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute curl shell commands to fetch development logs from a remote server.
  • [EXTERNAL_DOWNLOADS]: Fetches markdown content and index files from https://hub.joyco.studio/logs.md and related subpaths. This domain is associated with the skill's author, joyco-studio.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and follows instructions or patterns found in externally hosted logs.
  • Ingestion points: External markdown files fetched from hub.joyco.studio (documented in SKILL.md).
  • Boundary markers: None identified; external content is read directly into the agent's context to inform planning and implementation.
  • Capability inventory: The skill uses curl for network access and the agent uses the retrieved information to perform code planning, debugging, and implementation.
  • Sanitization: No sanitization or validation of the remote markdown content is performed before the agent processes it.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 26, 2026, 01:24 PM
Security Audit — agent-trust-hub — joyco-logs