schedule

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE [PROMPT_INJECTION]
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill reads schedule data from a local markdown file and an external API. If these sources are compromised or contain untrusted input, they could provide malicious instructions to the agent.
  • Ingestion points: scripts/calendar.ts reads from ~/.arra/ψ/inbox/schedule.md; scripts/query.ts fetches data from the Oracle API (defaulting to localhost:47778).
  • Boundary markers: Absent. The skill outputs the fetched data directly to the agent's context without delimiters or warnings to ignore embedded instructions.
  • Capability inventory: scripts/calendar.ts executes the cal command via Bun's shell; scripts/query.ts performs network requests, and the agent is instructed to execute these scripts via bun.
  • Sanitization: Absent. No validation or escaping is performed on the retrieved data before presentation to the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 26, 2026, 02:42 AM