automate-me
Pass
Audited by Gen Agent Trust Hub on Jul 10, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill instructs the agent to mine active workspace transcripts and conversation history to identify recurring patterns in user behavior. It includes a specific safety constraint to prevent the agent from accessing global product history or unrelated projects, thereby limiting the scope of data access to the current project environment.
- [COMMAND_EXECUTION]: The skill references the execution of local scripts and CLI workers (e.g.,
spawn-codex-worker,codex exec) and standard version control operations such as creating git worktrees and opening pull requests to land the generated skill. - [PROMPT_INJECTION]: As the skill ingests untrusted data from previous transcripts to generate new instructions, it possesses an indirect prompt injection surface. The skill attempts to mitigate this by requiring patterns to be verified across multiple "slices" of history (parallel subagent passes) before elevating them to high-confidence signals.
Audit Metadata