quote0-dot-screen
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No malicious instructions, bypass markers, or safety filter overrides were detected. The usage of 'CRITICAL' in documentation is a functional instruction for the agent's operation rather than an attack.
- Data Exposure & Exfiltration (SAFE): The skill uses an environment variable (DOT_API_KEY) for authentication instead of hardcoded secrets. Network operations are limited to the legitimate domain dot.mindreset.tech, and no access to sensitive local files was found.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill has no external package requirements and does not download or execute remote scripts. It uses built-in Python modules (urllib, json).
- Indirect Prompt Injection (LOW): The skill processes data from an external API. Evidence Chain: 1. Ingestion points: device_status.py, list_devices.py, list_tasks.py. 2. Boundary markers: Not present in the script output. 3. Capability inventory: No dangerous system-level capabilities like file-writing or command execution. 4. Sanitization: Standard JSON parsing is performed on API responses.
- Dynamic Execution (SAFE): No use of eval(), exec(), or runtime compilation was detected in the provided scripts.
Audit Metadata