skills/shoootyou/ai-toolkit/health/Gen Agent Trust Hub

health

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill accepts user-provided research topics, focus areas, and specific questions which are subsequently interpolated into the prompts for specialized research agents.
  • Ingestion points: User input is captured in the gather_topic step of workflows/investigate.md.
  • Boundary markers: The orchestrator in workflows/orchestrate.md uses structural XML-like tags (e.g., <objective>, <context>, <evidence_requirements>) to delimit user-supplied content from system instructions.
  • Capability inventory: The skill has access to Bash (for directory and file management), Write/Edit (for creating requests and research summaries), and the Task tool (for spawning sub-agents).
  • Sanitization: The workflow implements a mandatory "Conversational Refinement" process that requires the user to explicitly confirm the interpreted research plan via ask_user before any files are generated or agents are spawned.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool for operational tasks such as directory creation, generating unique identifiers via uuidgen, and performing file integrity checks (e.g., grep for disclaimers). The skill includes explicit self-imposed restrictions that block destructive commands, privilege escalation (sudo), and unauthorized file system access outside of designated .research/ and .requests/ directories.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 21, 2026, 10:27 AM
Security Audit — agent-trust-hub — health