Skills
skills/athola/claude-night-market/summon/Gen Agent Trust Hub

summon

Warn

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an Indirect Prompt Injection surface by fetching and processing content from GitHub issues (gh issue view) in modules/intake.md. This untrusted data is used to drive orchestration decisions and project execution stages.
  • Ingestion points: modules/intake.md (fetches titles, bodies, and labels from GitHub issues).
  • Boundary markers: Absent; external data is not delimited or isolated from the agent's instructions.
  • Capability inventory: Extensive capabilities including shell command execution (Bash), file operations (Read, Write), and recursive skill invocation.
  • Sanitization: Absent; content from issues is used directly in logic and passed to scripts.
  • [COMMAND_EXECUTION]: The skill executes local commands using data derived from external sources and establishes persistence within the environment.
  • In modules/intake.md, it runs python3 scripts/deferred_capture.py with arguments populated from potentially malicious GitHub issue content.
  • In SKILL.md, it uses the CronCreate platform feature to schedule a recurring prompt for self-healing, effectively creating a persistence mechanism to maintain the orchestration loop.
  • [DATA_EXFILTRATION]: The skill references a notify.py script in SKILL.md and modules/budget.md to alert an 'overseer'. This component could be leveraged to send sensitive project data or internal budget metrics to an external endpoint.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 29, 2026, 09:24 PM