protocol
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill specifies the 'K-REF' format, which utilizes absolute file paths to reference data anywhere on the disk. The documentation explicitly provides examples of pointing to sensitive files such as private keys, SSH configurations, and system-wide screenshots. While presented as a reference standard for auditing, it provides a structured mechanism for identifying and accessing sensitive local files outside the restricted workspace environment.
- [PROMPT_INJECTION]: The skill implements an indirect prompt injection surface through its 'Sister Script' methodology. In this pattern, the agent is instructed to read external data pointed to by 'K-REFs' emitted by external tools. This ingestion process lacks defined boundary markers or sanitization protocols in the specification, potentially allowing untrusted content to influence agent behavior.
- [COMMAND_EXECUTION]: The documentation references the ability to use shell-based searches (grep) to find protocol definitions and mentions the use of 'Sister scripts' to scan and emit pointers. While no specific executable scripts are included in this skill, the instructions guide the agent to perform operations that interact with the host filesystem and external data sources.