skills/tanweai/pua/pua-p10/Gen Agent Trust Hub

pua-p10

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to create a directory and modify a configuration file at ~/.pua/config.json. This behavior requires the agent to perform file system operations or execute shell commands to manage local files and directories.
  • [PROMPT_INJECTION]: The skill defines a protocol for loading and following instructions from a configuration file, creating a surface for indirect prompt injection where untrusted data within the file could influence the agent's behavior.
  • Ingestion points: The agent reads and processes data from ~/.pua/config.json (SKILL.md).
  • Boundary markers: Absent; the skill does not define any delimiters or provide instructions to ignore malicious content within the configuration file.
  • Capability inventory: The skill allows file system write access to create the ~/.pua/ directory and modify the config.json file (SKILL.md).
  • Sanitization: Absent; there are no requirements specified for validating or sanitizing the content of the configuration file before the agent adopts its settings.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 02:52 AM
Security Audit — agent-trust-hub — pua-p10