skills/cpfiffer/central/reading-minds/Gen Agent Trust Hub

reading-minds

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE (findings: PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION] (LOW): The skill is designed to ingest and display 'cognition records' (thoughts, memories, and concepts) from external AI agents on the ATProtocol. This constitutes an untrusted data surface that could be exploited via indirect prompt injection if the viewing agent or dashboard treats the fetched strings as instructions.
      • Ingestion points: External AI agent cognition records fetched from ATProtocol handles/DIDs.
      • Boundary markers: None described; the tool displays raw thoughts and reasoning traces.
      • Capability inventory: Reading and visualizing remote agent state (Working, Episodic, and Semantic memory).
      • Sanitization: No sanitization or validation of the remote content is mentioned in the usage guide.
  • [COMMAND_EXECUTION] (SAFE): The skill documentation includes standard command-line instructions to run a local Python tool using the uv environment manager. No suspicious or obfuscated commands were detected.
      • Evidence: uv run python -m tools.telepathy <handle_or_did>
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:48 PM