skills/lvlup-sw/exarchos/invariants/Gen Agent Trust Hub

invariants

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill enforces a strict division of labor where the AI agent only handles natural-language elicitation, while all file operations and schema validations are performed by a dedicated tool (exarchos_orchestrate). This prevents the agent from directly manipulating YAML files or introducing malformed configurations.\n- [SAFE]: The enforcement mechanism is limited to a declarative DSL (grep, structural, heuristic patterns) and explicitly excludes executable components like script, exec, or shell. This design choice prevents the creation of malicious invariants that could execute arbitrary code during a review process.\n- [SAFE]: The skill implements a mandatory 'dry-run' and explicit confirmation step before committing any changes to the file system. This human-in-the-loop requirement ensures that the user reviews the exact changes being made, mitigating the risk of unintended modifications.\n- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface because it allows users to author natural language audit-prompt fields that guide downstream analysis agents. \n
  • Ingestion points: User input provided during the invariant authoring interview (SKILL.md, Step 1 and 4).\n
  • Boundary markers: None specified for the interpolated audit-prompt content within the generated YAML structure.\n
  • Capability inventory: File writing capabilities are gated through the exarchos_orchestrate tool (SKILL.md).\n
  • Sanitization: Relies on schema validation in the invariants_add action, though the natural language content is not sanitized against adversarial instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 06:24 PM
Security Audit — agent-trust-hub — invariants