joyco-logs
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute
curlshell commands to fetch development logs from a remote server. - [EXTERNAL_DOWNLOADS]: Fetches markdown content and index files from
https://hub.joyco.studio/logs.mdand related subpaths. This domain is associated with the skill's author,joyco-studio. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and follows instructions or patterns found in externally hosted logs.
- Ingestion points: External markdown files fetched from
hub.joyco.studio(documented in SKILL.md). - Boundary markers: None identified; external content is read directly into the agent's context to inform planning and implementation.
- Capability inventory: The skill uses
curlfor network access and the agent uses the retrieved information to perform code planning, debugging, and implementation. - Sanitization: No sanitization or validation of the remote markdown content is performed before the agent processes it.
Audit Metadata