Skills
skills/famaoai-creator/gemini-skills/knowledge-portal/Gen Agent Trust Hub

knowledge-portal

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/launch.cjs uses execSync and spawn to manage local services. It executes npm run dev or npm run build and launches a background bridge server (node bridge.cjs) in the tools/chronos-mirror directory.
  • [EXTERNAL_DOWNLOADS]: The skill triggers npm install within a local tool directory if node_modules are not detected, resulting in the download of external packages from the NPM registry.
  • [PROMPT_INJECTION]: The skill displays an indirect prompt injection surface by ingesting and rendering data from external sources such as PERFORMANCE_DASHBOARD.md and ACE Engine decision logs.
  • Ingestion points: PERFORMANCE_DASHBOARD.md and ACE Engine decision logs as described in the skill capabilities.
  • Boundary markers: No explicit boundary markers or directives to ignore embedded instructions were found in the provided files.
  • Capability inventory: The skill can execute shell commands (execSync) and spawn background processes (spawn) via the launch.cjs script.
  • Sanitization: No sanitization or validation logic is present for the data ingested from the dashboard or logs before visualization.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 08:41 PM