tinker
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Employs Bash to run diagnostic tools and manage launchd persistence files located in the user's home directory.
- [COMMAND_EXECUTION]: Modifies ~/.claude/settings.json to ensure necessary session-bind and heartbeat hooks are active.
- [PROMPT_INJECTION]: Includes a 'Self-Evolving Skill' directive that allows the agent to modify SKILL.md to correct operational drift.
- [PROMPT_INJECTION]: Displays an indirect prompt injection surface by processing local contract files and settings without strict boundary markers; however, it uses jq for data parsing and limits operations to maintenance tasks.
- Ingestion points: CONTRACT.md and settings.json.
- Capability inventory: Bash shell access and filesystem read/write.
- Sanitization: Parsing via jq.
Audit Metadata