hello-world
Warn
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill workflow requires executing a local script (
./scripts/get-system-info.cjs). This script is referenced but not included in the provided files, preventing a full security audit of its actions.\n- [DATA_EXFILTRATION] (MEDIUM): The skill is designed to collect 'system information' and include it in the response template. While it does not explicitly show a network exfiltration step, gathering environmental diagnostics for a simple 'Hello World' skill constitutes a sensitive data exposure risk.\n- [Metadata Poisoning] (MEDIUM): The skill is deceptively labeled as a simple response skill ('Hello World'), but its underlying logic involves gathering system-level diagnostics, which is unnecessary for the stated purpose.
Audit Metadata