rozenite-agent
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the execution of the rozenite CLI tool to perform all operations. Evidence: SKILL.md and various domain files (e.g., console.md, network.md) define workflows using `rozenite agent <domain> call` and other CLI commands.
- [DATA_EXFILTRATION]: The skill provides capabilities to read potentially sensitive data from the target application's environment, including filesystem access and storage inspection. Evidence: `domains/file-system.md` includes tools like `read-text-file` and `read-image-file`, which accept arbitrary paths; `domains/storage.md` and `domains/mmkv.md` allow reading storage entries.
- [PROMPT_INJECTION]: The skill processes untrusted data from multiple sources, creating an attack surface for indirect prompt injection.
  - Ingestion points: Untrusted data is ingested via console logs (`domains/console.md`), network traffic recordings (`domains/network.md`), and application storage/files (`domains/storage.md`, `domains/file-system.md`).
  - Boundary markers: No explicit boundary markers or instructions to disregard embedded instructions are defined in the prompt instructions.
  - Capability inventory: The agent can execute domain-specific tools with JSON arguments using the `rozenite agent <domain> call` command, allowing it to mutate application state or storage.
  - Sanitization: There is no evidence of sanitization or validation of the retrieved data before it is processed or used by the agent.
Audit Metadata