daemon-status
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill includes 'Self-Evolving Skill' instructions and a 'Post-Execution Reflection' section that explicitly direct the agent to modify the SKILL.md file at runtime to fix issues or update parameters. This recursive instruction pattern can be exploited if an attacker can influence the agent's perception of the tool's performance, leading to the persistence of malicious instructions within the skill file.
- [COMMAND_EXECUTION]: The skill executes a bash script using a heredoc pattern to gather system status. This script performs several active checks:
- Searches for running 'asciinema rec' processes and parses their command lines.
- Searches the filesystem (~/eon and /tmp) for files with the .cast extension.
- Checks for the existence of specific credentials in the macOS keychain using the 'security' utility. This check is performed safely by redirecting output to /dev/null, ensuring secrets are not exposed to the agent context.
- [PROMPT_INJECTION]: (Indirect Prompt Injection surface) The skill reads and displays data from external sources that are not controlled by the skill code itself:
- Ingestion points: Reads the last 5 lines of $HOME/.asciinema/logs/chunker.log and parses $HOME/.asciinema/health.json.
- Boundary markers: None. The content of the logs and health status is printed directly to the agent's context.
- Capability inventory: The skill has access to the 'Bash' tool, which provides broad system access.
- Sanitization: None. External log content is not escaped or validated before being presented to the agent.
Audit Metadata