knowledge-activation
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute the `ao` command-line utility and various Python scripts (such as `source_manifest_build.py` and `topic_packet_build.py`) that are expected to be present in the user's workspace under the `.agents/scripts/` directory. This is standard operational behavior for this toolset.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes data from the local `.agents/` corpus to generate distilled outputs like 'beliefs' and 'playbooks'.
  - Ingestion points: Contents of the `.agents/` directory (packets, topics, and chunks).
  - Boundary markers: No explicit delimiters or instructions are provided to the agent to distinguish between data and potential instructions embedded within the corpus.
  - Capability inventory: Shell command execution via the `ao` binary and execution of local Python scripts.
  - Sanitization: No explicit validation or sanitization of the corpus content is mentioned before it is interpreted by the agent.
Audit Metadata