skills/boshu2/agentops/harvest/Gen Agent Trust Hub

harvest

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements a mechanism for harvesting knowledge from numerous directories (.agents/) and promoting it to a central hub (~/.agents/learnings/), creating a surface for indirect prompt injection where malicious instructions in processed data could influence future agent actions.
      • Ingestion points: Data is extracted from all .agents/ directories in the workspace and user-specified paths like ~/gt/.
      • Boundary markers: No explicit delimiters or instructions are provided to isolate the harvested data or signal the agent to ignore embedded commands.
      • Capability inventory: The skill utilizes the ao CLI tool to perform extensive file-system operations, including discovery, extraction, and promotion of content.
      • Sanitization: There is no evidence of sanitization or validation of the content of the artifacts before they are promoted to the global hub.
  • [COMMAND_EXECUTION]: The skill executes multiple shell commands using the ao utility to manage the knowledge lifecycle.
      • Evidence: Observed commands include ao harvest with flags for scoping and promotion, ao dedup for merging content, and ao metrics for status reporting.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 6, 2026, 01:30 PM