relational-thinking
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses metadata and instructions that involve executing Babashka (Clojure) and shell commands for environment validation and data navigation.
- Evidence: The
probefield in the frontmatter containsbb -e '(println ...)'and the usage section providesgrep,ls, andwccommands for querying local files. - Context: These commands are used legitimately for project-specific research navigation and sanity checks.
- [DATA_EXFILTRATION]: The skill instructions direct the agent to access and read multiple files from the user's home directory (~/).
- Evidence: References to files such as
~/amp-thread-*.md,~/relational-thinking-skill-structure.md, and the~/ies/directory inSKILL.md. - Context: These paths are used to locate and organize specific research threads within the author's ecosystem.
- [PROMPT_INJECTION]: The skill is designed to ingest and process a large number of external markdown files, which presents a surface for indirect prompt injection.
- Ingestion points: The agent is instructed to read content from various markdown threads located in
~/(e.g.,amp-thread-*.md). - Boundary markers: There are no instructions provided to treat the content of these threads as data rather than instructions or to use delimiters to prevent accidental command obedience.
- Capability inventory: Across the scripts and usage guides, the agent has access to shell execution, SQL execution via DuckDB, and Babashka scripting.
- Sanitization: No evidence of validation or sanitization of the external file content is present.
Audit Metadata