Skills
skills/denghongcai/operon/operon-core/Gen Agent Trust Hub

operon-core

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill directs the agent to use the operon CLI with command families like exec, run, and fs, which facilitate remote command execution and file system manipulation.
  • [COMMAND_EXECUTION]: The agent is instructed to read $HOME/.operon/config.yaml, which the text explicitly notes contains "secrets information," thereby exposing sensitive data to the agent's context.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from external node outputs while possessing powerful execution capabilities. 1. Ingestion points: SKILL.md (via operon node list, operon capability list, operon audit show). 2. Boundary markers: Absent in SKILL.md. 3. Capability inventory: fs, exec, service, and run command families in SKILL.md. 4. Sanitization: No sanitization of command output is specified.
Audit Metadata
Risk Level
SAFE
Analyzed
May 4, 2026, 11:25 AM