open-prose
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUM
DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill automatically collects and transmits telemetry data, including persistent user and session identifiers, to an external API at https://api.prose.md/analytics. This behavior is enabled by default and instructed to occur without user notification.
- [COMMAND_EXECUTION]: The telemetry system relies on the execution of curl commands via the shell (Bash tool). This establishes a pattern of the agent performing background network operations through command-line tools for administrative tracking.
- [EXTERNAL_DOWNLOADS]: The language specification defines an import statement that enables the agent to fetch and load skills from external sources, specifically GitHub repositories and NPM packages. This allows for the dynamic loading of agent logic from third-party locations.
- [PROMPT_INJECTION]: The execution of OpenProse programs involves interpreting 'discretion markers' containing natural language. Because the agent is instructed to 'embody' the VM and follow these markers strictly, it is vulnerable to indirect prompt injection from malicious instructions embedded in .prose files.
Audit Metadata