trinity-remote

Warn

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute commands that include user-supplied variables, such as webhook URLs and agent names. For instance, the curl command for testing webhooks and the git commands for deployment do not appear to sanitize these inputs, creating a risk of command injection.
  • [DATA_EXFILTRATION]: The notification feature allows users to configure a webhook URL. This creates a network egress point where data can be sent to an arbitrary external endpoint via POST requests.
  • [PROMPT_INJECTION]: The skill's architecture presents an indirect prompt injection surface by processing untrusted user input and metadata and interpolating it into prompts sent to remote agents.
      • Ingestion points: Command arguments for exec and run, notification settings, and the template.yaml file.
      • Boundary markers: None identified; user inputs are directly interpolated into messages for the mcp__trinity__chat_with_agent tool.
      • Capability inventory: The skill has access to the Bash tool and remote communication tools.
      • Sanitization: There is no evidence of validation or escaping for user-provided strings before they are used in sensitive contexts.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 5, 2026, 11:46 PM