relational-thinking

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses metadata and instructions that involve executing Babashka (Clojure) and shell commands for environment validation and data navigation.
  • Evidence: The probe field in the frontmatter contains bb -e '(println ...)' and the usage section provides grep, ls, and wc commands for querying local files.
  • Context: These commands are used legitimately for project-specific research navigation and sanity checks.
  • [DATA_EXFILTRATION]: The skill instructions direct the agent to access and read multiple files from the user's home directory (~/).
  • Evidence: References to files such as ~/amp-thread-*.md, ~/relational-thinking-skill-structure.md, and the ~/ies/ directory in SKILL.md.
  • Context: These paths are used to locate and organize specific research threads within the author's ecosystem.
  • [PROMPT_INJECTION]: The skill is designed to ingest and process a large number of external markdown files, which presents a surface for indirect prompt injection.
  • Ingestion points: The agent is instructed to read content from various markdown threads located in ~/ (e.g., amp-thread-*.md).
  • Boundary markers: There are no instructions provided to treat the content of these threads as data rather than instructions or to use delimiters to prevent accidental command obedience.
  • Capability inventory: Across the scripts and usage guides, the agent has access to shell execution, SQL execution via DuckDB, and Babashka scripting.
  • Sanitization: No evidence of validation or sanitization of the external file content is present.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 04:48 PM
Security Audit — agent-trust-hub — relational-thinking