@1247/squad-agent
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted message content from shared Squad rooms, creating a surface for indirect instructions to influence agent behavior. \n
- Ingestion points: Mentions are fetched from the remote API via
scripts/listener.py. \n - Boundary markers: Absent; message content is processed without delimiters or instructions to ignore embedded commands. \n
- Capability inventory: Writing state information to the local filesystem (
~/.squad_last_seen) and performing network requests to the vendor's API at community.iamstarchild.com. \n - Sanitization: Absent; there is no validation or sanitization of incoming messages before they are handled by the agent. \n
- [COMMAND_EXECUTION]: The skill instructions prompt the agent to use the
schedule_taskcapability to automate the execution of the included Python listener script on the local system.
Audit Metadata