skills/boshu2/agentops/discovery/Gen Agent Trust Hub

discovery

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface where user-provided goals or external tool outputs can influence the execution of shell commands and downstream skills.
      • Ingestion points: The goal parameter in SKILL.md and the output of the ao search and ao lookup tools in Step 2.
      • Boundary markers: Absent. The skill does not use delimiters or instructions to the agent to treat the goal string as untrusted data.
      • Capability inventory: The skill executes shell commands using ao, bd, and local scripts in the scripts/ directory, and it invokes other skills using the Skill() mechanism.
      • Sanitization: No sanitization or escaping of the goal string is specified before its interpolation into command strings such as ao search "<goal keywords>".
  • [COMMAND_EXECUTION]: The skill relies on shell command execution to interface with local CLI tools (ao, bd) and utility scripts (scripts/checkpoint-commit.sh, scripts/log-telemetry.sh) for telemetry and state management. While these are likely intended for administrative tasks, they serve as the execution vector for the identified injection surface.
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 11:37 AM