darwin
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is designed for legitimate ecosystem monitoring and orchestration. It analyzes project metadata, git history, and agent journals to calculate fitness metrics and propose improvements without engaging in harmful activities.
- [COMMAND_EXECUTION]: The skill uses non-destructive shell commands such as `git log`, `git shortlog`, `find`, and `wc` to collect metrics related to project activity and structure. These operations are essential for its stated purpose of lifecycle detection.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted content from agent journals and feedback files. This surface is inherent to its role in synthesizing cross-agent patterns and is mitigated by the skill's focus on documentation and scoring rather than direct command execution of ingested content.
  - Ingestion points: Agent journals in `.agents/*.md` and feedback in `_common/REVERSE_FEEDBACK.md` (references/signal-collection.md, references/assessment-models.md).
  - Boundary markers: Absent. Instructions do not specify delimiters for isolating journal data from orchestration commands.
  - Capability inventory: Git history commands, file system traversal, and state persistence to `.agents/ECOSYSTEM.md` and `.agents/darwin.md` (SKILL.md, references/signal-collection.md, references/subsystems.md).
  - Sanitization: Absent. Content is processed directly to identify semantic similarities and calculate scores.
Audit Metadata