Skills
skills/kcaswick/agent-skills/controller-proxy-watchdog/Gen Agent Trust Hub

controller-proxy-watchdog

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements an indirect prompt injection surface by aggregating data from external sources and injecting it into prompts for other agents.
  • Ingestion points: The script scripts/watchdog_controller_proxy.sh ingests data from br (bead tracking tool) and tmux pane metadata (titles and captures).
  • Boundary markers: The skill uses delimiters such as <<<WATCHDOG TICK>>> and <<<END WATCHDOG TICK>>> to wrap injected content, which provides some separation but does not fully neutralize malicious instructions embedded in the ingested data.
  • Capability inventory: The skill uses ntm --robot-send to transmit instructions to a controller agent and tmux send-keys to interact with shell panes. If the ingested data contains malicious instructions, they could influence the controller agent's subsequent tool usage.
  • Sanitization: The skill performs basic sanitization using strip_ansi to remove formatting and rg for pattern matching, but it does not validate or escape the content of bead identifiers or pane titles before interpolation into the coordination prompts.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 06:54 PM
Security Audit — agent-trust-hub — controller-proxy-watchdog