sobriety-tools-guardian
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted user journal entries and HALT scores to detect crisis signals. 1. Ingestion points: User-provided journal text and check-in scores processed in references/CRISIS_DETECTION.md. 2. Boundary markers: Absent. No specific delimiters or instructions are provided to the agent to distinguish user content from instructions. 3. Capability inventory: Bash, WebFetch, Write, and Edit tools. 4. Sanitization: Absent; the logic relies on simple keyword matching and score calculations.
- [Data Exposure & Exfiltration] (LOW): The script scripts/cache-health.ts performs network requests to jb4l-meeting-proxy.erich-owens.workers.dev, which is an unverified external domain not included in the trusted scope.
- [External Downloads] (LOW): The monitoring script utilizes npx tsx, which involves downloading and executing the tsx package from the npm registry at runtime.
- [Command Execution] (LOW): Employs Bash and npx for performance auditing, bundle analysis, and automated issue detection as part of its core mission.
Audit Metadata