skills/kunchenguid/firstmate/afk/Gen Agent Trust Hub

afk

Pass

Audited by Gen Agent Trust Hub on Jul 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell scripts located in the bin/ directory (e.g., bin/fm-supervise-daemon.sh) and uses standard utilities like nohup, kill, and date to manage a background process and track state.
  • [DATA_EXPOSURE]: The skill manages persistent state by reading from and writing to the local state/ directory (e.g., .afk, .supervise-daemon.pid, and event queues). No network-based exfiltration or credential access is performed.
  • [PROMPT_INJECTION]: The skill describes an 'Indirect Prompt Injection' surface where it ingests external signals and status content to determine when to escalate events to the user.
  • Ingestion points: The bin/fm-classify-lib.sh library processes wake reasons and status lines from the execution environment.
  • Boundary markers: It implements a sentinel marker contract using ASCII 0x1f (Unit Separator) to help the agent distinguish between human input and automated injections.
  • Capability inventory: The skill can execute shell scripts, read/write local state files, and interact with tmux panes via bin/fm-tmux-lib.sh.
  • Sanitization: It includes logic to strip markers and collapse newlines in digests before injection to maintain format integrity.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 1, 2026, 05:49 AM
Security Audit — agent-trust-hub — afk