zeno-heartbeat
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the local command-line tools probe and gh (GitHub CLI) to interact with organizational systems, manage workspace state, and handle pull requests.
- [EXTERNAL_DOWNLOADS]: The routine synchronizes development environments by fetching code from the Zenon Red GitHub organization and related personal forks. It also refers to documentation and research hosted on GitHub (e.g., TminusZ/zenon-developer-commons).
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes untrusted content from external sources (agent messages, project ideas, and PR comments) which could theoretically contain instructions designed to influence the agent's behavior.
- Ingestion points: The agent reads and parses data from probe message list, probe idea get, and gh pr view (SKILL.md).
- Boundary markers: No specific delimiters are used to separate untrusted data from system instructions.
- Capability inventory: The agent can execute CLI commands, modify the local filesystem (ZR.md), and submit proposals to the ecosystem (SKILL.md).
- Sanitization: No explicit filtering or validation of the ingested message/comment content is present in the skill's instructions.
Audit Metadata