ulysses-protocol
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: Comprehensive analysis of the provided instructions, specifications, and scripts shows no evidence of malicious intent, data exfiltration, or unauthorized persistence.
- [COMMAND_EXECUTION]: The helper script
scripts/ulysses.shperforms local state management using standard development commands such asgit add,git commit, andjqfilters. - [REMOTE_CODE_EXECUTION]: The skill utilizes the
thoughtbox_executetool to run agent-authored validation code (validator cells) within a cloud-based environment, which is the core intended mechanism of the protocol. - [PROMPT_INJECTION]: The protocol includes built-in mitigations for indirect prompt injection by requiring the agent to define and 'freeze' its validation logic before it observes the actual system data (the 'observed' JSON), preventing the data from manipulating the verification process.
Audit Metadata