printing-press-retro

Warn

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: MEDIUM (DATA_EXFILTRATION, COMMAND_EXECUTION)
Full Analysis
  • [DATA_EXFILTRATION]: The skill packages project manuscripts (research briefs, logs, proofs) and the generated CLI source code into ZIP archives and uploads them to the public third-party domain https://catbox.moe/user/api.php using curl.
    • Evidence: references/artifact-packaging.md (Step 5) contains commands to upload the retro document, manuscripts, and CLI source code.
    • Risk: Although references/secret-scrubbing.md implements redaction for session keys, Stripe keys, GitHub tokens, and common PII (IBAN, SSN), the upload to a public file-sharing service remains a risk for any sensitive project data not matched by these specific regex patterns.
  • [COMMAND_EXECUTION]: The skill executes various system commands and third-party tools via the Bash tool to manage files, redact data, and interact with the network.
    • Evidence: Uses gh (GitHub CLI) for issue management, curl for file uploads, and perl/python3 for in-place text replacement (commands listed in references/secret-scrubbing.md).
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data generated in previous sessions, which could contain instructions that manipulate the retrospective results.
    • Ingestion points: Reads artifact files such as $RUN_DIR/research/*brief* and $RUN_DIR/proofs/*build-log* in Phase 1.
    • Boundary markers: Absent; the skill reads and parses content directly into the agent context.
    • Capability inventory: The skill has extensive capabilities, including file write (Write tool), network transmission (curl, gh), and local command execution (Bash).
    • Sanitization: Redacts credentials but does not filter for natural-language instructions embedded in logs or briefs.
  • [DYNAMIC_EXECUTION]: The skill uses python3 -c and perl -i -pe to perform dynamic string replacements during the scrubbing phase.
    • Evidence: references/secret-scrubbing.md uses python3 -c for exact-value redaction and perl for regex-based pattern matching.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 17, 2026, 07:40 PM
Security Audit — agent-trust-hub — printing-press-retro