port-daddy-cli

Warn

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill allows the execution of arbitrary shell commands through the .portdaddyrc configuration's cmd field and the with-lock tool (e.g., pd with-lock deployment -- npm run deploy).
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by design, as it ingests and processes data from other potentially untrusted or compromised agents via the messaging and notes systems.
      • Ingestion points: add_note, publish_message, get_messages, and check_salvage (as described in SKILL.md and api-reference.md).
      • Boundary markers: Absent; the skill lacks delimiters or explicit instructions to ignore embedded commands within shared messages or notes.
      • Capability inventory: Subprocess execution via cmd and with-lock, file system scanning via scan_project, and network operations via tunnels and webhooks.
      • Sanitization: No evidence of sanitization, escaping, or validation of data retrieved from the inter-agent messaging or note-taking systems.
  • [DATA_EXFILTRATION]: The webhooks and tunnels features allow the agent to transmit internal data to external URLs or expose local services to the public internet.
  • [EXTERNAL_DOWNLOADS]: The skill references and depends on the port-daddy NPM package and an external local daemon process.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 14, 2026, 05:07 AM