printing-press-retro
Warn
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: MEDIUM
Categories: DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill packages project manuscripts (research briefs, logs, proofs) and the generated CLI source code into ZIP archives and uploads them to the public third-party domain `https://catbox.moe/user/api.php` using `curl`.
  - Evidence: `references/artifact-packaging.md` (Step 5) contains commands to upload the retro document, manuscripts, and CLI source code.
  - Risk: Although `references/secret-scrubbing.md` implements redaction for session keys, Stripe keys, GitHub tokens, and common PII (IBAN, SSN), the upload to a public file-sharing service remains a risk for sensitive project data not covered by these specific regex patterns.
- [COMMAND_EXECUTION]: The skill executes various system commands and third-party tools via the `Bash` tool to manage files, redact data, and interact with the network.
  - Evidence: Uses `gh` (GitHub CLI) for issue management, `curl` for file uploads, and `perl`/`python3` for in-place text replacement in `references/secret-scrubbing.md`.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data generated in previous sessions, which could contain instructions to manipulate the retrospective results.
  - Ingestion points: Reads artifact files like `$RUN_DIR/research/*brief*` and `$RUN_DIR/proofs/*build-log*` in Phase 1.
  - Boundary markers: Absent; the skill reads and parses content directly into the agent context.
  - Capability inventory: The skill has extensive capabilities including file-write (`Write` tool), network transmission (`curl`, `gh`), and local command execution (`Bash`).
  - Sanitization: Redacts credentials but does not filter for natural language instructions embedded in logs or briefs.
- [DYNAMIC_EXECUTION]: The skill uses `python3 -c` and `perl -i -pe` to perform dynamic string replacements during the scrubbing phase.
  - Evidence: `references/secret-scrubbing.md` uses `python3 -c` for exact-value redaction and `perl` for regex-based pattern matching.