dayuse-commands
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill is designed to run shell commands via
pipenv run inv. These commands interact with Docker, MySQL, and local files. - [EXTERNAL_DOWNLOADS] (LOW): Instructions include
pip install pipenvto set up the environment. pipenv is a widely used and generally trusted dependency manager. - [INDIRECT_PROMPT_INJECTION] (LOW): 1. Ingestion points: Command outputs from tests, logs, and linters are likely processed by the agent. 2. Boundary markers: Absent. 3. Capability inventory: Significant local file and process control via
invoketasks. 4. Sanitization: None. - [DATA_EXPOSURE] (SAFE): A hardcoded absolute path (
/Users/fabiendauvergne/PhpstormProjects/dayuse-com) is present. This reveals the author's local directory structure but is not a credential leak.
Audit Metadata