zr-doctor
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides asset files for 'launchd' and 'systemd' to configure the 'probe-nexus' daemon as a persistent background service on macOS and Linux systems.\n- [COMMAND_EXECUTION]: The agent is instructed to use various 'probe' CLI commands to manage local health, authentication tokens, and registration status.\n- [DATA_EXFILTRATION]: The skill utilizes 'probe message send' to transmit status updates to a remote logging channel. This functionality is intended for personal activity tracking but involves sending data to an external service.\n- [PROMPT_INJECTION]: The repair workflow driven by the 'probe next' command presents an indirect prompt injection surface.\n
- Ingestion points: The repair logic in SKILL.md is triggered by the 'kind: repair' output from the 'probe next' tool.\n
- Boundary markers: There are no delimiters used to isolate tool output from the agent's instructions.\n
- Capability inventory: The skill can perform re-authentication and registration via 'probe onboard', which modifies sensitive identity and token state.\n
- Sanitization: No validation or sanitization is applied to the data received from the external probe service before it influences agent behavior.
Audit Metadata