popcorn-xp-protocol
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The protocol utilizes local project-specific files and an internal messaging tool for communication between agents.
- [COMMAND_EXECUTION]: The skill instructs the agent to use a local helper script (.popcorn-xp/{team-name}/session) to log session metadata. This script is created locally by the session lead and is used for standard project state management.
- [DATA_EXFILTRATION]: Analysis of file and network access shows the skill restricts operations to the local project directory and internal communication tools (SendMessage). No external network requests or sensitive file access were detected.
- [PROMPT_INJECTION]: The protocol involves agents interacting with advice and messages provided by teammates, which creates a surface for indirect prompt injection.
  - Ingestion points: Incoming messages via SendMessage and the ADVICE.md file.
  - Boundary markers: The protocol suggests structural headers (e.g., OBJECTION, SMELL, RESOLVE) to delimit input types.
  - Capability inventory: The agent possesses capabilities to edit local files and execute the local session script.
  - Sanitization: No explicit sanitization or content validation is described in the protocol instructions.
  - Conclusion: This surface is an inherent part of the skill's collaborative functionality and is managed through structured communication formats.