ratchet
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- COMMAND_EXECUTION (SAFE): Uses the 'ao' CLI and shell utilities like cat, tail, and echo for internal workflow status management. These operations are restricted to the skill's functional scope and do not pose a threat.
- DATA_EXPOSURE (SAFE): Interacts with '.agents/ao/chain.jsonl' to record and verify progress. No sensitive system files, environment variables, or user credentials are accessed or exposed.
- PROMPT_INJECTION (SAFE): Instructions are strictly operational and focus on workflow management. No attempts to bypass security filters or override agent behavior were detected in the skill definition.
- INDIRECT_PROMPT_INJECTION (LOW): The skill possesses an ingestion surface via local state files. Evidence Chain: [1] Ingestion points: '.agents/ao/chain.jsonl' read via cat and ao CLI. [2] Boundary markers: None. [3] Capability inventory: echo (write), cat (read), ao CLI (exec). [4] Sanitization: None. Risk is low as the data is internal to the agent's RPI workflow.