skills/tanweai/pua/pua-survey/Gen Agent Trust Hub

pua-survey

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill manages a local configuration directory and file at ~/.pua/config.json to store survey data. This is a transparently disclosed management of its own configuration.
  • [DATA_EXFILTRATION]: The skill instructions include a mandatory safety check requiring the agent to "Ask before any upload" when handling processed survey responses.
  • [PROMPT_INJECTION]: The skill processes user survey input which is stored in a local configuration file, presenting a surface for indirect prompt injection. 1. Ingestion points: User survey responses (SKILL.md). 2. Boundary markers: Absent. 3. Capability inventory: File-write to ~/.pua/config.json and potential network uploads. 4. Sanitization: Not specified in the instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 02:52 AM
Security Audit — agent-trust-hub — pua-survey