pua-survey
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill manages a local configuration directory and file at
~/.pua/config.jsonto store survey data. This is a transparently disclosed management of its own configuration. - [DATA_EXFILTRATION]: The skill instructions include a mandatory safety check requiring the agent to "Ask before any upload" when handling processed survey responses.
- [PROMPT_INJECTION]: The skill processes user survey input which is stored in a local configuration file, presenting a surface for indirect prompt injection. 1. Ingestion points: User survey responses (SKILL.md). 2. Boundary markers: Absent. 3. Capability inventory: File-write to
~/.pua/config.jsonand potential network uploads. 4. Sanitization: Not specified in the instructions.
Audit Metadata