entrepreneur-skill
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [SAFE]: No high-severity security issues or malicious patterns were identified in the skill's instructions, scripts, or configuration files.
- [EXTERNAL_DOWNLOADS]: The skill references optional external capabilities and uses platform-specific publishing tools:
- Optional integrations include 'skillssh:acnlabs/persona-knowledge' and 'skillssh:slavingia/skills'.
- Deployment utilizes 'npx clawhub@latest' for publishing to the ecosystem hub.
- [COMMAND_EXECUTION]: The skill requests permissions for Bash tools to automate operational tasks:
- 'curl' is used for network operations related to external integrations.
- 'npm' and 'npx' are used for tool execution and publishing workflows.
- [DATA_EXFILTRATION]: The skill includes configuration for connecting to vendor-owned infrastructure:
- Connects to 'acn-production.up.railway.app' for social and gateway features.
- These connections are part of the intended social and on-chain capabilities of the persona and do not involve unauthorized sensitive data access.
- [PROMPT_INJECTION]: The skill processes user metrics and initiative descriptions through a Python script:
- Data is interpolated into Markdown reports without sanitization, creating a surface for indirect injection if the agent later processes the output.
- This risk is mitigated by the persona's explicit character boundaries regarding truthfulness and legal compliance.
Audit Metadata