health-check

Warn

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE)
Full Analysis
  • [PROMPT_INJECTION]: The skill includes 'Self-Evolving Skill' instructions that command the agent to 'fix this file immediately' if issues are detected. This creates a risk where the agent could be manipulated into rewriting its own instructions with malicious logic based on external trigger data.
  • [COMMAND_EXECUTION]: The skill executes shell commands using bun to run local TypeScript files. It specifically uses env -u HTTPS_PROXY -u HTTP_PROXY to bypass environment-level proxy configurations, which can circumvent network security monitoring.
  • [CREDENTIALS_UNSAFE]: The 'doctor' command is designed to perform credential resolution via system-level secrets managers like 1Password and the macOS Keychain. While this is part of the diagnostic functionality, it grants the agent access to high-value secrets.
  • [INDIRECT_PROMPT_INJECTION]: The skill reads from ~/.local/state/pushover/po-audit.jsonl, a file that likely contains data from external notifications.
    • Ingestion points: Local audit log file po-audit.jsonl read via grep and jq.
    • Boundary markers: None identified in the processing instructions.
    • Capability inventory: Subprocess execution via bun and file modification capabilities via the self-evolution prompt.
    • Sanitization: No sanitization or validation of the log content is specified before it is processed by the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 26, 2026, 12:25 AM