Skills
skills/photon-hq/skills/spectrum/Gen Agent Trust Hub

spectrum

Warn

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: MEDIUMDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The iMessage provider documentation describes a 'local' mode that reads the macOS Messages database (chat.db) directly from the file system. This allows the agent to process local conversations but grants access to sensitive personal communication history.
  • [EXTERNAL_DOWNLOADS]: The Terminal provider is documented to automatically download the tuichat binary from the author's GitHub repository (photon-hq/tuichat) upon initialization to provide a development and testing interface.
  • [PROMPT_INJECTION]: The skill facilitates the ingestion of messages from various external messaging platforms, which creates a surface for indirect prompt injection.
  • Ingestion points: Untrusted message content enters the agent context via the app.messages stream (documented across all topic files).
  • Boundary markers: No specific delimiters or 'ignore' instructions for embedded content are mentioned in the provided implementation samples.
  • Capability inventory: The agent can send messages, react, and reply across multiple platforms (space.send, message.react, message.reply).
  • Sanitization: No explicit sanitization or validation routines for incoming message text are described in the SDK patterns.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 9, 2026, 04:24 AM