health
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains 'Self-Evolving Skill' instructions that direct the agent to 'fix this file immediately' if instructions are incorrect or workarounds are required. This creates a surface for Indirect Prompt Injection, as the agent is encouraged to rewrite its own source code based on tool outputs (such as audit logs or shell errors) which could be influenced by external data.
- Ingestion points: Reads project audit logs from
$HOME/own/amonic/logs/auditvia shell commands. - Boundary markers: No delimiters or instructions are present to prevent the agent from obeying instructions embedded within the audit logs it reads.
- Capability inventory: Uses the
Bashtool to execute commands and has the capability to modify theSKILL.mdfile based on the provided instructions. - Sanitization: There is no evidence of sanitization or validation of the log content before the agent evaluates it for 'evolution' purposes.
- [COMMAND_EXECUTION]: The skill executes various Bash commands to perform health checks, including process monitoring (
kill -0), job listing (launchctl list), and log inspection (tail). These operations are within the expected scope of a diagnostic tool. - [SAFE]: The skill follows security best practices when checking sensitive environment variables (e.g.,
TELEGRAM_BOT_TOKEN,OP_SERVICE_ACCOUNT_TOKEN) by using shell expansion syntax (${VAR:+SET}) that verifies the variable is set without printing the actual secret values to the console.
Audit Metadata