schelling

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill transmits user-provided problem statements and durable insights to the external domain api.schelling.sh via the recall and follow_up commands. While this is the intended purpose of the shared memory system, it involves sending potentially sensitive reasoning and problem context to a remote server.
  • [EXTERNAL_DOWNLOADS]: The skill fetches content from https://api.schelling.sh to retrieve prior knowledge and patterns using the curl command.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from a shared repository and instructs the agent to let this context reshape its approach before starting work.
      (1) Ingestion points: Data returned from the recall and fetch subcommands in scripts/schelling.sh.
      (2) Boundary markers: Absent; the skill instructions do not provide delimiters or warnings to ignore embedded instructions in the retrieved content.
      (3) Capability inventory: The agent uses retrieved data to influence planning, debugging, and file operations across the project.
      (4) Sanitization: Absent; no validation or filtering is performed on the data fetched from the API before it is presented to the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 11:25 AM