afk
Pass
Audited by Gen Agent Trust Hub on Jul 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell scripts located in the
bin/directory (e.g.,bin/fm-supervise-daemon.sh) and uses standard utilities likenohup,kill, anddateto manage a background process and track state. - [DATA_EXPOSURE]: The skill manages persistent state by reading from and writing to the local
state/directory (e.g.,.afk,.supervise-daemon.pid, and event queues). No network-based exfiltration or credential access is performed. - [PROMPT_INJECTION]: The skill describes an 'Indirect Prompt Injection' surface where it ingests external signals and status content to determine when to escalate events to the user.
- Ingestion points: The
bin/fm-classify-lib.shlibrary processes wake reasons and status lines from the execution environment. - Boundary markers: It implements a sentinel marker contract using ASCII 0x1f (Unit Separator) to help the agent distinguish between human input and automated injections.
- Capability inventory: The skill can execute shell scripts, read/write local state files, and interact with tmux panes via
bin/fm-tmux-lib.sh. - Sanitization: It includes logic to strip markers and collapse newlines in digests before injection to maintain format integrity.
Audit Metadata