watcher-management

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.Popen in scripts/start_watchers.py and the example watchdog_manager.py to manage watcher processes. These calls execute local Python scripts using the current interpreter, with commands derived from hardcoded configurations.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting untrusted data from external sources.
      • Ingestion points: External data is ingested from Gmail messages (examples.md), WhatsApp messages (examples.md), and local file drops (examples.md).
      • Boundary markers: None identified. Content is directly interpolated into Markdown templates without delimiters or warnings for the agent to ignore embedded instructions.
      • Capability inventory: The skill uses tools including Read, Write, Edit, Bash, Glob, and Grep as defined in SKILL.md frontmatter.
      • Sanitization: The skill does not perform sanitization or filtering of the ingested content (e.g., email bodies or message previews) before writing it to the vault.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Apr 9, 2026, 10:43 PM