pua-yes
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill directs the agent to 'Load and follow the yes skill/protocol' and switch to an 'encouragement-first narration'. These directives serve as behavioral overrides. This also introduces an indirect injection surface:
- Ingestion points: The 'yes skill/protocol' referenced in SKILL.md.
- Boundary markers: Absent; the skill does not use delimiters to isolate the protocol instructions.
- Capability inventory: The skill modifies local configuration files and executes CLI commands.
- Sanitization: Absent; external protocol instructions are followed without validation.
- [COMMAND_EXECUTION]: As a Codex CLI alias, the skill is intended to execute shell commands, as evidenced by the requirement for 'command/output evidence' during execution.
- [DATA_EXFILTRATION]: The skill specifies modifying
~/.pua/config.json. Accessing and editing configuration files in the user's home directory is a sensitive operation, though no network activity was observed.
Audit Metadata