pua-p10
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to create a directory and modify a configuration file at
~/.pua/config.json. This behavior requires the agent to perform file system operations or execute shell commands to manage local files and directories. - [PROMPT_INJECTION]: The skill defines a protocol for loading and following instructions from a configuration file, creating a surface for indirect prompt injection where untrusted data within the file could influence the agent's behavior.
- Ingestion points: The agent reads and processes data from
~/.pua/config.json(SKILL.md). - Boundary markers: Absent; the skill does not define any delimiters or provide instructions to ignore malicious content within the configuration file.
- Capability inventory: The skill allows file system write access to create the
~/.pua/directory and modify theconfig.jsonfile (SKILL.md). - Sanitization: Absent; there are no requirements specified for validating or sanitizing the content of the configuration file before the agent adopts its settings.
Audit Metadata