skills/tanweai/pua/pua-yes/Gen Agent Trust Hub

pua-yes

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill directs the agent to 'Load and follow the yes skill/protocol' and switch to an 'encouragement-first narration'. These directives serve as behavioral overrides. This also introduces an indirect injection surface:
  • Ingestion points: The 'yes skill/protocol' referenced in SKILL.md.
  • Boundary markers: Absent; the skill does not use delimiters to isolate the protocol instructions.
  • Capability inventory: The skill modifies local configuration files and executes CLI commands.
  • Sanitization: Absent; external protocol instructions are followed without validation.
  • [COMMAND_EXECUTION]: As a Codex CLI alias, the skill is intended to execute shell commands, as evidenced by the requirement for 'command/output evidence' during execution.
  • [DATA_EXFILTRATION]: The skill specifies modifying ~/.pua/config.json. Accessing and editing configuration files in the user's home directory is a sensitive operation, though no network activity was observed.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 02:52 AM
Security Audit — agent-trust-hub — pua-yes