FirstPrinciples

Warn

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill mandates the execution of a curl command to a local endpoint (http://localhost:8888/notify) upon every invocation across all workflow files (SKILL.md, Workflows/Challenge.md, Workflows/Deconstruct.md, and Workflows/Reconstruct.md). This silent execution of shell commands in the background (&) poses a risk if the local service is used to trigger further actions or if the command parameters are manipulated.
  • [PROMPT_INJECTION]: The SKILL.md file instructs the agent to load and apply instructions from an external directory (~/.claude/PAI/USER/SKILLCUSTOMIZATIONS/FirstPrinciples/). This establishes an indirect prompt injection surface where external files (e.g., PREFERENCES.md) are explicitly permitted to override the agent's default behavior and constraints.
  • Ingestion points: External file path ~/.claude/PAI/USER/SKILLCUSTOMIZATIONS/FirstPrinciples/ (SKILL.md).
  • Boundary markers: None identified in the provided instructions to differentiate user-supplied data from skill instructions.
  • Capability inventory: Shell command execution (curl) and local filesystem access.
  • Sanitization: No evidence of content validation or escaping for the loaded configuration files.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 2, 2026, 01:03 AM