intelligence-transfer
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill allows loading data from external IPFS Content Identifiers (CIDs). This creates an ingestion surface for untrusted data that could potentially influence agent behavior through indirect prompt injection.
- Ingestion points: Data enters the system via the hooks_transfer tool's load action in SKILL.md.
- Boundary markers: No specific boundary markers or instruction-ignorance tags are mentioned for the ingested patterns.
- Capability inventory: The skill utilizes Bash and several pattern-management tools across its workflows.
- Sanitization: No explicit sanitization or validation of the fetched CID content is documented.
- [DATA_EXFILTRATION]: The skill is designed to publish data to IPFS, which is a public network. This is the intended behavior, and the skill documentation includes clear warnings about the risks of exposing sensitive information or PII.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute MCP tool calls for managing and transferring patterns.
Audit Metadata