inner-life-dream
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/should-dream.shexecutes a Python subprocess to perform probability calculations. It safely handles the input by using a regular expression (^[0-9]*\.?[0-9]+$) to validate that the configuration value is a decimal number before passing it as a command-line argument, effectively preventing command injection patterns. - [PROMPT_INJECTION]: The skill implements logic to scan for 'dream-topic' signals within daily notes, which represents an indirect prompt injection surface.
- Ingestion points: Markdown files located in
memory/daily-notes/and internal state files likememory/inner-state.jsonandmemory/drive.json. - Boundary markers: The script looks for a specific pattern using the regex
<!-- dream-topic: \K[^>]+(?= -->)to identify overriding instructions. - Capability inventory: The skill allows the agent to write new markdown files to
memory/dreams/and update system-relevant JSON files (inner-state.json,drive.json). - Sanitization: While the signal is extracted via a targeted regex, the content within the signal is not sanitized or validated before being presented to the agent as a prompt for creative exploration.
Audit Metadata