life-os
Warn
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to execute shell commands, specifically `git log`, `git status`, `git branch`, and `git diff`, in directories that are dynamically discovered by reading local project files such as `README.md`. Executing system commands using paths derived from potentially untrusted or external file content is a security risk for command injection.
- [DATA_EXFILTRATION]: The skill is configured to access and process sensitive personal information, including financial records such as budgets, investment positions, and financial decisions, as well as personal health logs and weight tracking data located in the `/Users/derekxwang/Development/projects/DXW/mono/os` directory.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by relying on the content of external project documentation to inform its planning and execution logic.
  - Ingestion points: The agent reads project `README.md` files to find repository paths and `TASK_*.md` files to determine outstanding work items in `references/today.md`, `references/feedback.md`, and `references/short-term.md`.
  - Boundary markers: No explicit markers are present to differentiate between instructions and ingested data.
  - Capability inventory: The skill can execute shell commands (`git`, `ls`) and perform file system writes.
  - Sanitization: The skill lacks validation of paths or content extracted from documentation before use in system commands.
Audit Metadata