setup
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple Bash commands to verify the environment and set up the system, including 'git --version', 'python3 --version', and 'hostname' for environmental checks. It employs 'git init', 'git add', 'git commit', and 'git push' for repository management, and uses 'mkdir' and 'cat' to create configuration directories and files.
- [DATA_EXFILTRATION]: The skill interacts with sensitive file paths and external network endpoints. It accesses legacy configuration files at '/.config/asgard/config' and '/.config/munin/config' for data migration, and reads and writes to '~/.config/bifrost/config'. It also configures a Git remote URL provided by the user, enabling data transmission to external repositories via 'git push'.
- [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface by directing the agent to incorporate external repository data into its operational context.
  - Ingestion points: Files within the user's repository (e.g., 'MEMORY.md', 'procedures/', 'journal/') are loaded into the agent's context.
  - Boundary markers: The generated rules file lacks explicit instructions or delimiters to treat the ingested memory data as untrusted or distinct from system instructions.
  - Capability inventory: The skill possesses capabilities for file system access, Bash execution, and Git operations.
  - Sanitization: There is no evidence of content validation or sanitization for the data loaded from the memory repository before it is processed.
Audit Metadata