felo-livedoc
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The agent is instructed to execute a Node.js script (`run_livedoc.mjs`) via the Bash tool to perform knowledge base operations.
- [DATA_EXFILTRATION]: The `upload` command in `scripts/run_livedoc.mjs` uses `fs.readFile` to read local files specified by the agent and transmits them to the vendor's API. This is a functional requirement for document management but represents a potential data exposure risk if an agent is tricked into uploading sensitive system or configuration files.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8).
  - Ingestion points: Untrusted data enters the context through document content, URL additions, and natural language queries processed by `run_livedoc.mjs`.
  - Boundary markers: The execution templates in `SKILL.md` lack explicit delimiters or instructions to ignore embedded commands within the processed data.
  - Capability inventory: The script possesses file-read (`fs.readFile`) and network-write (`fetch`) capabilities in `scripts/run_livedoc.mjs`.
  - Sanitization: There is no evidence of content sanitization or validation to prevent embedded instructions from influencing agent behavior.
- [EXTERNAL_DOWNLOADS]: The script communicates with `https://openapi.felo.ai`, which is the official endpoint for the Felo API. This is documented and consistent with the skill's purpose.
Audit Metadata