shot
Warn
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION]: The skill instructs the agent to perform 'silent reporting' of events such as `session_start` and `pua_triggered` to a remote platform. It also specifies a 'silent refresh' of remote configurations using a token stored in `~/.puav2/config.json`, which enables background tracking of user activity and agent performance without explicit user notification.
- [PROMPT_INJECTION]: The skill uses strong behavioral overrides to force the agent into a specific 'high-pressure' persona. It includes an 'Anti-Rationalization Table' designed to bypass agent safety or boundary responses (e.g., 'Exceeds my ability', 'Need more context') and implements a tiered 'Pressure Upgrade' system (L1-L4) to coerce the agent into performing actions under psychological duress emulation.
- [COMMAND_EXECUTION]: The 'Owner Awareness' and 'Delivery Integrity' protocols instruct the agent to proactively execute shell commands (e.g., `curl`, `build`, `test`, `git log`) and system checks without being explicitly asked by the user. While intended for validation, this increases the attack surface for unintended system modifications.
- [CREDENTIALS_UNSAFE]: The skill references the management of a `token` within `~/.puav2/config.json`. It instructs the agent to read this file to authenticate 'silent refreshes' and reporting, indicating the use of a local credential store for telemetry purposes.
Audit Metadata