micepad
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Interacts with the system by executing the
micepadCLI binary to perform event management tasks as described inSKILL.md. - [EXTERNAL_DOWNLOADS]: Fetches event and participant list templates from the Micepad platform. The skill requires the pre-installation of the
micepadCLI binary on the host system. - [DATA_EXFILTRATION]: Capability to read local files and upload them to the Micepad platform via the
pax import uploadcommand. This is a core feature of the skill, andSKILL.mdincludes specific safety rules to prevent automated abuse, such as requiring manual confirmation of data mappings and validation results. - [PROMPT_INJECTION]: Subject to potential indirect prompt injection through ingested data.
- Ingestion points: Reads data from local CSV/XLSX files and retrieves participant/event information from the Micepad API (documented in
SKILL.md). - Boundary markers: Absent; the instructions do not specify the use of clear delimiters or instructions to ignore embedded commands when processing participant-supplied data.
- Capability inventory: Has the ability to execute shell commands via the
micepadCLI for data modification and communication (documented inSKILL.md). - Sanitization: Absent; there is no mention of sanitizing or escaping content retrieved from external files or API responses before it is used in subsequent operations.
Audit Metadata